General
-
Target
60cab3014b05ed8fea9e2be10cf833834c14d2184abbb754498ba36043d36772
-
Size
864KB
-
Sample
231011-lxjm1sfc3w
-
MD5
f76e75c0b1539d78871e0169189fac47
-
SHA1
c6c7b22e213267be8b2d5987af28f5eb159dcffc
-
SHA256
187956eeec1e77f81d9f0f7c84cc9fc8d29c815f2d5669d33c8e0be6c6e5c409
-
SHA512
16c6f31ad111ee7c77cdacbb5a7c463e9f233a461000542b2dbbcc792c2cf484627eac26dc2e297adaa39393b9691b5198e467bbe786af6a742ef36f0feaa8e9
-
SSDEEP
12288:2q+MnPly90Gj3RKfKNoEKIUOhIQhuOFGL/5YX0e0OZ5ICEgDchOqVae8zhFkFggp:3Ply56KNuCzuO25+0G/IfYa/UORL
Malware Config
Extracted
redline
luate
77.91.124.55:19071
-
auth_value
e45cd419aba6c9d372088ffe5629308b
Targets
-
-
Target
60cab3014b05ed8fea9e2be10cf833834c14d2184abbb754498ba36043d36772
-
Size
907KB
-
MD5
3ac63f44e31d4d7e78fc11853827282c
-
SHA1
13fb3b5448d5d9641ea6a9416ac1712fc4ad4ffd
-
SHA256
60cab3014b05ed8fea9e2be10cf833834c14d2184abbb754498ba36043d36772
-
SHA512
3e77cd94ff13b7ddd931294129e3368ede1c0474e1cf5e4df041c6eafe5f2fa1e09d02ff1403a0dd35b778875e2770f18ea2ba0bb96f488d630d49ce0a6bd775
-
SSDEEP
12288:/Mrby90kLRsfKdMbGJW/4UCTIQTeODGL/PYX0OqOJ5ICEgur6UIIVa88zhHkFwg4:cyrLYKdMgW/KpeOAP+0SPIheU7UuU
Score10/10-
Detect Mystic stealer payload
-
Mystic
Mystic is an infostealer written in C++.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-