General

  • Target

    eded9b78dcd74538a9040382f745a019bd917efb0cb342c7bd994408c97640fa

  • Size

    1.2MB

  • Sample

    231006-1sln5sad39

  • MD5

    1537f212b4f17f75b75b662d4ed2fd25

  • SHA1

    1c0cf637a43565a896a473c9276f0b72493a5e27

  • SHA256

    eded9b78dcd74538a9040382f745a019bd917efb0cb342c7bd994408c97640fa

  • SHA512

    5c5f33b0f9712c2d5139e777c565466cac22c180ec200123a589148915507dca029b9bdf49e148af6d72ad9a5724fcd7b2f9f5f2b596b9b98836a110d68de0fd

  • SSDEEP

    24576:Kysx5AMlBRHHBSIW2HB6iO0mJolb4L5zr36SRVO/:RsxpJHvWcB6Z0+CbarH

Malware Config

Extracted

  • Family

    redline

  • Botnet

    gigant

  • C2

    77.91.124.55:19071

Targets

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks