General

  • Target

    e4d5154753b7811814f5fa08fc4212d1f55b23bd9c0ec049f7a8e983036359c9

  • Size

    1.2MB

  • Sample

    231007-e4tm8sbd68

  • MD5

    833e81969d87f5ba695ccba6a883f7d2

  • SHA1

    05320ff7a7870d571de236b4ce848be960528039

  • SHA256

    e4d5154753b7811814f5fa08fc4212d1f55b23bd9c0ec049f7a8e983036359c9

  • SHA512

    4d66f9c6f371eea1c78765ea82fc60ce8ff3ac7227402cf6d548403f82e3c47848093c41d8352d4e54d74cab0a739a620cce517e2b165555be08d05d41f24e88

  • SSDEEP

    24576:RyaiO0a+Wj1BV1qBCL/ck+aKp2fcHhJjRV9Fau:EBa+6BV1qoL/J8RRV9E

Malware Config

Extracted

Family

redline

Botnet

gigant

C2

77.91.124.55:19071

Targets

    • Target

      e4d5154753b7811814f5fa08fc4212d1f55b23bd9c0ec049f7a8e983036359c9

    • Size

      1.2MB

    • MD5

      833e81969d87f5ba695ccba6a883f7d2

    • SHA1

      05320ff7a7870d571de236b4ce848be960528039

    • SHA256

      e4d5154753b7811814f5fa08fc4212d1f55b23bd9c0ec049f7a8e983036359c9

    • SHA512

      4d66f9c6f371eea1c78765ea82fc60ce8ff3ac7227402cf6d548403f82e3c47848093c41d8352d4e54d74cab0a739a620cce517e2b165555be08d05d41f24e88

    • SSDEEP

      24576:RyaiO0a+Wj1BV1qBCL/ck+aKp2fcHhJjRV9Fau:EBa+6BV1qoL/J8RRV9E

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks