General
-
Target
55c92c9d066595ad73adb426e0e8323b.bin
-
Size
874KB
-
Sample
231112-chm78acd6s
-
MD5
f295938358f0391e10180c0418f2c594
-
SHA1
711c5669a758a976ef997df6b5ed9582281d1478
-
SHA256
0d8a71a7fd5c82ef5f7bd5b3c7004c9b368dd991f27d8999e8b71c8c9872cb49
-
SHA512
59dbbfea22de3470e306ade99cfc7bae5d8ece1d790ee4ea21062ea0cf0e838003838bd009fb6ed788b42ac8d13fc500ad1bdb1091265ec9e2d5a814800d3faa
-
SSDEEP
12288:q/Oyim8p91mb+EQG1O9s2oHDewsia7CNIuFb9IYyN20JCZ87BlX7Z8GZyWEr/6sZ:+OC+EQG8HojdbOul97qZJ28Vr6rS6luK
Static task
static1
Behavioral task
behavioral1
Sample
cd732d10374e32f6ffb254fd765cb62b3be65b7a394ab4eca96fb37d5f7f83f1.exe
Resource
win10v2004-20231023-en
Malware Config
Extracted
redline
taiga
5.42.92.51:19057
Targets
-
-
Target
cd732d10374e32f6ffb254fd765cb62b3be65b7a394ab4eca96fb37d5f7f83f1.exe
-
Size
917KB
-
MD5
55c92c9d066595ad73adb426e0e8323b
-
SHA1
b6e3bc50e01fde7a05c6430135feb6a1cef04725
-
SHA256
cd732d10374e32f6ffb254fd765cb62b3be65b7a394ab4eca96fb37d5f7f83f1
-
SHA512
b3576ff91930384582f67e2c3ab86f36769693f781b88557210170b05620c54d8bc54faa7893fd275af7554f0c2e007cb9828ed23ea1468ece6db93eaffb3eed
-
SSDEEP
24576:YyTs9czQSuaeuIsmC/GPLYDDnU3IoeZXDM:fYczJet5EG0k3Rep
Score10/10-
Detect Mystic stealer payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-