General
- Target: ea71defda48dd0a3b6cfe3401f018d8495016213b6afe96a24cbbaa0afaa36b8
- Size: 888KB
- Sample: 231114-kj39tshg9x
- MD5: 6a94128cfa49b6bca927ec11a720ba64
- SHA1: 1a8a7c205d93d9d3cddb6dca8ce3d3dba594e267
- SHA256: ea71defda48dd0a3b6cfe3401f018d8495016213b6afe96a24cbbaa0afaa36b8
- SHA512: 85f4ec51b780f89391f040ca2a93b6714fbf66f45a2c1821ee4898b8b7f39151f50109bb7eba3f11350af630ad29bd36d6b813c76b318e4ae1d7fbaee375009a
- SSDEEP: 24576:RySJLBPzwzL79IYq7cnvbMJ0vJSKbQDKe0JA43tgxQwh:Elf7BvblvJS1DKVJ0
- Static task: static1
- Behavioral task: behavioral1
- Sample: ea71defda48dd0a3b6cfe3401f018d8495016213b6afe96a24cbbaa0afaa36b8.exe
- Resource: win10v2004-20231020-en
Malware Config
Extracted
redline
taiga
5.42.92.51:19057
Targets
- Target: ea71defda48dd0a3b6cfe3401f018d8495016213b6afe96a24cbbaa0afaa36b8 (size and hashes as listed under General above)
- Detect Mystic stealer payload
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- Suspicious use of SetThreadContext