General
- Target: 026d75800260dad32ccddaa057686c6d.exe
- Size: 1.4MB
- Sample: 231114-pswzbsbb24
- MD5: 026d75800260dad32ccddaa057686c6d
- SHA1: 8fba7d5454baa53ecd75dbfb27c14943ce545083
- SHA256: 1abb8e978cc50ac436946ba779cfc8bdd5022a6251aca2d761b09b5a6433fbee
- SHA512: b0954deb91e3b7e18d8788e3467a3298bdefbbd743405c6222ad7af2bf3f8e703ad10262d2bdf3dd019efbae996f2270925c30c357658a41dc98185dd1c56b20
- SSDEEP: 24576:eyJ3a1T6mx5FyKAH7KqcKnSYuZVzcwTTWkeMG:tda56YIKkRG/QA6k9
Static task: static1
Behavioral task: behavioral1
- Sample: 026d75800260dad32ccddaa057686c6d.exe
- Resource: win10v2004-20231025-en
Malware Config
- Extracted: redline
  - taiga
  - 5.42.92.51:19057
- Extracted: risepro
  - 5.42.92.51
Targets
- Target: 026d75800260dad32ccddaa057686c6d.exe
  - Size: 1.4MB
  - MD5: 026d75800260dad32ccddaa057686c6d
  - SHA1: 8fba7d5454baa53ecd75dbfb27c14943ce545083
  - SHA256: 1abb8e978cc50ac436946ba779cfc8bdd5022a6251aca2d761b09b5a6433fbee
  - SHA512: b0954deb91e3b7e18d8788e3467a3298bdefbbd743405c6222ad7af2bf3f8e703ad10262d2bdf3dd019efbae996f2270925c30c357658a41dc98185dd1c56b20
  - SSDEEP: 24576:eyJ3a1T6mx5FyKAH7KqcKnSYuZVzcwTTWkeMG:tda56YIKkRG/QA6k9
  - Detect Mystic stealer payload
  - PrivateLoader: PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
  - RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  - RedLine payload
  - Enumerates VirtualBox registry keys
  - Executes dropped EXE
  - Adds Run key to start application
  - Drops file in System32 directory
  - Suspicious use of SetThreadContext