General
- Target: 24ba6182b2b896735636ee38d74d437d.bin
- Size: 874KB
- Sample: 231112-bxm1bsda39
- MD5: 305846362ef5d01973bcdafd27a2dbdc
- SHA1: 3ce3eb199cf77b8f27e7df1586ae65874d035706
- SHA256: bfc632022c2cf12c89d68cae328c4bc8b72db03f4887cacfe488b7f435c1fa7c
- SHA512: 3b2380ece27cd6129b6ceecdaa6e8283cb0684489921c6359bd4d1c8cf46a86ade4cbdd1c57b6bde4dcf26aab0c6828bf3f11c20817f578d1d0b6c20068a84da
- SSDEEP: 24576:PW+J+F9cnOv/+4ihHzjFD/TK59ZNdjzhTE2oBdTI3:eQ+XcOBid3FD/u5HfFodTq
Static task: static1
Behavioral task: behavioral1
- Sample: 1201bf878caa54aca39c6973c193210786509f098f5b9da23a03258cc278f5e3.exe
- Resource: win10v2004-20231023-en
Malware Config
Extracted
- redline
- taiga
- 5.42.92.51:19057
Targets
- Target: 1201bf878caa54aca39c6973c193210786509f098f5b9da23a03258cc278f5e3.exe
- Size: 917KB
- MD5: 24ba6182b2b896735636ee38d74d437d
- SHA1: 6655b258f4cdd4a59509e979febbe307b1b436cc
- SHA256: 1201bf878caa54aca39c6973c193210786509f098f5b9da23a03258cc278f5e3
- SHA512: 2dfe01e63175dcb82070537d4fa6a56082005c87fa3a1bfa794df69090e09e6171c9267eacef2c4438bf667fc1e91b7be123f597647c0650f0de9bcb39f452d5
- SSDEEP: 12288:oMrXy90VwYmWe3o6Wq2uQKALaex4IC52pCPHG7vPLvTMXiYQ1DxSMSBIWBcOI2mG:/yEDt6aXLaeuIsCC/GvLYDHmf3x9SJ
- Detect Mystic stealer payload
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext