General

  • Target

    2bed4ea70d0e8707549aac41f29fea0c9a994c68cc33636d802429b5694f077f

  • Size

    1.2MB

  • Sample

    231007-d98tnsha6s

  • MD5

    4a81e0857c9762c946ab1ca7eef1cdf5

  • SHA1

    1a2d38328e3d5a077bcdda01e89a749fc491f234

  • SHA256

    2bed4ea70d0e8707549aac41f29fea0c9a994c68cc33636d802429b5694f077f

  • SHA512

    84754b9ccc2b3384f93c5b1543065d207853eee1c6a47e1a75a46aa61eda06a49f937d4bbdba8fc1074eed33377789b048a80431689435bb6cc32870e6bdee93

  • SSDEEP

    24576:6yXenkiqAtofLsPurQPLpCw37ew+wDXR3CCJO6TfMU+aLiAFJiBr:BXen6Atoftw1Cw37FlXBPTHluAFJiB

Malware Config

Extracted

Family

redline

Botnet

gigant

C2

77.91.124.55:19071

Targets

    • Target

      2bed4ea70d0e8707549aac41f29fea0c9a994c68cc33636d802429b5694f077f
    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15