General
- Target: a585ae32ed044a8bd15a05a60fbc3d8d6a3b59ebfb4c358be41f06e4ad101024
- Size: 1.3MB
- Sample: 231113-fl3nvsaa78
- MD5: d4a8d6d6da2736140748c1379f4dda76
- SHA1: 823af1b956c56d024eff5d14cd4bf27f478b4deb
- SHA256: a585ae32ed044a8bd15a05a60fbc3d8d6a3b59ebfb4c358be41f06e4ad101024
- SHA512: 46f0ef584160ccaa868d1a770057ac19d60a64f07b2dd207c7f8454991425c775ef119777b1161e5deb4d2a333e880a677fb74eaed91c99a160a6cf7f02c3573
- SSDEEP: 24576:Yyl6w9yasWaeRIsvCMGLW9DLXtViQmtqsjDIq1KT5bSKoL/bBUAn:fl3yDveKMxGurin4sDIq1KMyA
Static task: static1
Behavioral task: behavioral1
Sample: a585ae32ed044a8bd15a05a60fbc3d8d6a3b59ebfb4c358be41f06e4ad101024.exe
Resource: win10v2004-20231023-en
Malware Config
Extracted
redline
taiga
5.42.92.51:19057
Targets
- Target: a585ae32ed044a8bd15a05a60fbc3d8d6a3b59ebfb4c358be41f06e4ad101024
- Size: 1.3MB
- MD5: d4a8d6d6da2736140748c1379f4dda76
- SHA1: 823af1b956c56d024eff5d14cd4bf27f478b4deb
- SHA256: a585ae32ed044a8bd15a05a60fbc3d8d6a3b59ebfb4c358be41f06e4ad101024
- SHA512: 46f0ef584160ccaa868d1a770057ac19d60a64f07b2dd207c7f8454991425c775ef119777b1161e5deb4d2a333e880a677fb74eaed91c99a160a6cf7f02c3573
- SSDEEP: 24576:Yyl6w9yasWaeRIsvCMGLW9DLXtViQmtqsjDIq1KT5bSKoL/bBUAn:fl3yDveKMxGurin4sDIq1KMyA

Signatures
- Detect Mystic stealer payload
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext