General

Target: 253e3a84a90f9b8664faa6cb542cf776665a3d7e1e5ce411d9c05cd4f3682b37
Size: 1.3MB
Sample: 231112-cfyaeacd5x
MD5: 1e13e124b12c106f6720a5d534c57b54
SHA1: 343a755f401cff2bafee973fbbd51ee1b4540cb5
SHA256: 253e3a84a90f9b8664faa6cb542cf776665a3d7e1e5ce411d9c05cd4f3682b37
SHA512: 7b3da224c239904a08f291d90cb4d507742c828d06227e86191de2e6c6645fc8eb293dec60828d11de4709b16a701d4c678fc915a695474ba16b6649babecf9b
SSDEEP: 24576:My0DIMDStaeBIs6CsGavLD5TTygEcoY/xefIR9d0YTKg6N:70UFoe6n3GuNXyw3x+GA
Static task: static1
Behavioral task: behavioral1
Sample: 253e3a84a90f9b8664faa6cb542cf776665a3d7e1e5ce411d9c05cd4f3682b37.exe
Resource: win10v2004-20231023-en
Malware Config

Extracted
Family: redline
Botnet: taiga
C2: 5.42.92.51:19057
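The hashes and the extracted C2 endpoint above are the indicators an analyst actually acts on. As an added example that is not part of the sandbox report, the Python below turns them into two checks: a one-pass file hasher that compares all four digests against the report (a partial match is flagged rather than trusted) and a scan of flow records for connections to the C2 host and port. The flow records are constructed here for illustration and use a simplified tab-separated layout, not real Zeek output; only the IOC values themselves come from the report.

```python
import hashlib
import sys

# Indicators taken from the sandbox report above.
REPORT_HASHES = {
    "md5": "1e13e124b12c106f6720a5d534c57b54",
    "sha1": "343a755f401cff2bafee973fbbd51ee1b4540cb5",
    "sha256": "253e3a84a90f9b8664faa6cb542cf776665a3d7e1e5ce411d9c05cd4f3682b37",
    "sha512": ("7b3da224c239904a08f291d90cb4d507742c828d06227e86191de2e6c6645fc8"
               "eb293dec60828d11de4709b16a701d4c678fc915a695474ba16b6649babecf9b"),
}
C2_HOST, C2_PORT = "5.42.92.51", 19057


def digest_bytes(data: bytes) -> dict:
    """Compute the four digests the report lists, as lowercase hex."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in REPORT_HASHES}


def digest_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Stream a file through all four hash objects in a single read pass,
    so a large sample is not read once per algorithm."""
    hashers = {alg: hashlib.new(alg) for alg in REPORT_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def matches_report(digests: dict) -> list:
    """Return the algorithms whose digest equals the report's value.

    All four matching means the artifact is a byte-identical copy of the
    analysed sample.  A partial list (say md5 only) should be treated as a
    feed error or a deliberate collision and investigated, not accepted."""
    return [alg for alg, value in REPORT_HASHES.items()
            if digests.get(alg, "").lower() == value]


# Constructed flow records (timestamp, uid, src, sport, dst, dport, proto).
# Line 2 is an exact hit on the C2 endpoint; line 3 reaches the same IP on
# a different port and is reported separately, since an IP alone is a weaker
# indicator than IP plus the extracted port (shared hosting is common).
SAMPLE_FLOW_LOG = (
    "1699790000.123\tCx1\t10.0.0.7\t51234\t142.250.74.46\t443\ttcp\n"
    "1699790012.456\tCx2\t10.0.0.7\t51240\t5.42.92.51\t19057\ttcp\n"
    "1699790020.789\tCx3\t10.0.0.9\t51300\t5.42.92.51\t443\ttcp\n"
)


def find_c2_connections(log_text: str) -> list:
    """Return (timestamp, source_ip, kind) for flows to the report's C2 host,
    where kind is 'exact' for host:port matches and 'host-only' otherwise."""
    hits = []
    for line in log_text.splitlines():
        if not line or line.startswith("#"):
            continue
        ts, _uid, src, _sport, dst, dport, _proto = line.split("\t")
        if dst == C2_HOST:
            kind = "exact" if int(dport) == C2_PORT else "host-only"
            hits.append((ts, src, kind))
    return hits


if __name__ == "__main__":
    # Usage: python ioc_check.py <file-to-check>
    # Hash the given file and report which digests match the sample,
    # then run the C2 scan over the constructed flow records.
    if len(sys.argv) > 1:
        print("hash matches:", matches_report(digest_file(sys.argv[1])))
    for hit in find_c2_connections(SAMPLE_FLOW_LOG):
        print("C2 contact:", hit)
```

Checking all four digests, rather than only SHA256, costs nothing extra when they are computed in one pass and makes a feed or transcription error visible as a partial match instead of a silent miss.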
Targets

Target: 253e3a84a90f9b8664faa6cb542cf776665a3d7e1e5ce411d9c05cd4f3682b37
Size: 1.3MB
MD5, SHA1, SHA256, SHA512 and SSDEEP: identical to the values listed under General.
- Detect Mystic stealer payload
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext: this API is commonly used for process hollowing and other thread-hijacking injection techniques, so the dropped payload should be examined in the process it was injected into rather than only on disk.