General
-
Target
f9565cf61bb3c7a2977310e44fdb6b08d407f3d56424e88086708737269f9f59
-
Size
834KB
-
Sample
240417-qj4hgsha79
-
MD5
1c3a1ce2b11ed32ac7afdc4ec24b58c2
-
SHA1
837c71427fec85f7bff4de9e1f4bce89af3316fb
-
SHA256
f9565cf61bb3c7a2977310e44fdb6b08d407f3d56424e88086708737269f9f59
-
SHA512
52c32b46e728ef06249a3a2a68c2b494ee3ee844ae1d3b0cfb4a21f8526cc697d2d34798b56f19c81cb20ebed1a21af693b9180bfee0bab74acddd30307696a2
-
SSDEEP
24576:1sKms/kNI6e64OzjyoCbbtuTTEBlGsdJ62/Z:1sVs/cFzjXcsTo7tdJ6KZ
Static task
static1
Behavioral task
behavioral1
Sample
c3451f17e68d7115f4d2304d7102363fd86a8fe137f2557445f9020dd081584e.exe
Resource
win10v2004-20240412-en
Malware Config
Extracted
redline
breha
77.91.124.55:19071
Targets
-
-
Target
c3451f17e68d7115f4d2304d7102363fd86a8fe137f2557445f9020dd081584e.exe
-
Size
877KB
-
MD5
f19b25a510f738c87d225ec095f62267
-
SHA1
7c88a8cfc3a21a191f30a0a25a7beade95aacdbf
-
SHA256
c3451f17e68d7115f4d2304d7102363fd86a8fe137f2557445f9020dd081584e
-
SHA512
35a18109ada15f0425bccedf610d6a46f3d6e1490a63caa3ccdf3d0d6db0020a3f98f39747a762aaf310e4db3b3f2300649fb06281b5478ef4288f8c78a31548
-
SSDEEP
12288:xMrNy90/jzTZ7vwCgfMHrwSTw/xQdvTccDJbrLK+8+4hIE6afosGF8fU7pTMRJv:4yEj+C3jw/xQpcQfLP8M5gQsuq
-
Detect Mystic stealer payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1