General
-
Target
fc7146e3235affb54b93a6fc37a3c234a15dd91e4af64f1214f2b78c4c0c878b
-
Size
1.3MB
-
Sample
231112-abn5tscg75
-
MD5
8eab8332f0e63a090bfa85010aaf5519
-
SHA1
d650e842b8b650e73609fd10597aba2c29b2d35e
-
SHA256
fc7146e3235affb54b93a6fc37a3c234a15dd91e4af64f1214f2b78c4c0c878b
-
SHA512
8028f308369f0f889f74e85d1592c07a4e5e5ffc501a0483aead9b561979e5b0ae406ac8740dc11a53d5d21d3179f0a4bfa71dac09786fe1f5693f2d8ce9919c
-
SSDEEP
24576:SygrAzhR+aehIsxCKGUSTDL0eWzIvx12JxjBlcNgubc65MI4F:53zreacbGvoIv72rjB+Njr6I
Malware Config
Extracted
redline
taiga
5.42.92.51:19057
Targets
-
-
Target
fc7146e3235affb54b93a6fc37a3c234a15dd91e4af64f1214f2b78c4c0c878b
-
Size
1.3MB
-
MD5
8eab8332f0e63a090bfa85010aaf5519
-
SHA1
d650e842b8b650e73609fd10597aba2c29b2d35e
-
SHA256
fc7146e3235affb54b93a6fc37a3c234a15dd91e4af64f1214f2b78c4c0c878b
-
SHA512
8028f308369f0f889f74e85d1592c07a4e5e5ffc501a0483aead9b561979e5b0ae406ac8740dc11a53d5d21d3179f0a4bfa71dac09786fe1f5693f2d8ce9919c
-
SSDEEP
24576:SygrAzhR+aehIsxCKGUSTDL0eWzIvx12JxjBlcNgubc65MI4F:53zreacbGvoIv72rjB+Njr6I
Score10/10-
Detect Mystic stealer payload
-
Detected google phishing page
-
Mystic
Mystic is an infostealer written in C++.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-