General
-
Target
malicious.exe
-
Size
1.8MB
-
Sample
241114-j5ww7szlaj
-
MD5
18cbe55c3b28754916f1cbf4dfc95cf9
-
SHA1
7ccfb7678c34d6a2bedc040da04e2b5201be453b
-
SHA256
248fcc901aff4e4b4c48c91e4d78a939bf681c9a1bc24addc3551b32768f907b
-
SHA512
e1d4a7ab164a7e4176a3e4e915480e5c60efe7680d99f0f0bcbd834a4bec1798b951c49ef5c0cca6bea3c2577b475de3c51b2ef1ae70b525d046eb06591f7110
-
SSDEEP
49152:Eau0Bnly1l8B6hLa5vMIKHVo5W1v2mS0la98MT:Nfy1Wo+JK19eFE6
Static task
static1
Behavioral task
behavioral1
Sample
malicious.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
redline
frant
77.91.124.55:19071
Targets
-
-
Target
malicious.exe
-
Size
1.8MB
-
MD5
18cbe55c3b28754916f1cbf4dfc95cf9
-
SHA1
7ccfb7678c34d6a2bedc040da04e2b5201be453b
-
SHA256
248fcc901aff4e4b4c48c91e4d78a939bf681c9a1bc24addc3551b32768f907b
-
SHA512
e1d4a7ab164a7e4176a3e4e915480e5c60efe7680d99f0f0bcbd834a4bec1798b951c49ef5c0cca6bea3c2577b475de3c51b2ef1ae70b525d046eb06591f7110
-
SSDEEP
49152:Eau0Bnly1l8B6hLa5vMIKHVo5W1v2mS0la98MT:Nfy1Wo+JK19eFE6
-
Detect Mystic stealer payload
-
Mystic family
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Redline family
-
Smokeloader family
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1