General
Target: 8370b60c28384b713c9e7be4ea7f2c5d.bin
Size: 498KB
Sample: 231112-cyewsace3z
MD5: 290b80c58d781eeaae2125e9271fbcc3
SHA1: a801b7e9ff81e9b507dbb16b5404d44e97ba0bcd
SHA256: 9819b91c01df6730c5235a36c64f3e0521665bc02edd19660a2946234adcfa18
SHA512: e788a0bb3a6bd6e4f6fdb6483fd0bc4d91c031e7352b7f4ebc1c2fb79414b27ed379039d68106a40552914a6d59b7ad71619421029479e19717357b0a79e6c1e
SSDEEP: 12288:38BnFJa4C+8oNSEg7ODVH5eDNf/+qbhD1vNn9BB+hXQuorI+ph1:M1uBsSEOVNnn9BFnrAWBrIGh1
Static task: static1
Behavioral task: behavioral1
Sample: 2aa18005701a5f9849626f2c13a523685747bc4483fa5c636526ecc93470e287.exe
Resource: win10v2004-20231020-en
Malware Config
Extracted
Family: redline
Botnet: taiga
C2: 5.42.92.51:19057
Targets
Target: 2aa18005701a5f9849626f2c13a523685747bc4483fa5c636526ecc93470e287.exe
Size: 542KB
MD5: 8370b60c28384b713c9e7be4ea7f2c5d
SHA1: 634115b61dd93f620f150c21d836e345d1e1e459
SHA256: 2aa18005701a5f9849626f2c13a523685747bc4483fa5c636526ecc93470e287
SHA512: 82774a9beb2b30b2b099f7e8d668588c2f7147f4f889e162ee1cffa066f70b466959ce9ea4459757a442dead93e9438363b6c42cf3d6866972a43374f6224c3f
SSDEEP: 12288:aMr0y90pRsPTWGxXx+zFPXK1PlJq52U0G3sz:CywITdB+JPXIv2z0Xz
- Detect Mystic stealer payload
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: looks up the country code configured in the registry, likely as a geofence check.
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext