General

  • Target

    a939a0aa6a7c9b38863b7d7b3effdd2e8ba4c383184d09dd6f1d0b70d6f68bae

  • Size

    1.2MB

  • Sample

    231007-fpeq7sbe32

  • MD5

    eeab073f95dd55c966b3d6a784e7c63c

  • SHA1

    0f58b29df823e6962507dccd87838a896122656a

  • SHA256

    a939a0aa6a7c9b38863b7d7b3effdd2e8ba4c383184d09dd6f1d0b70d6f68bae

  • SHA512

    d36cd9f94ce006157af2cb088935ccfe5b73fa7c82ae46cd8674320373487c4ea8be0ca816a6f4b73dba9a36ea661c68b39c35a6c91594a528c9be61903dfae5

  • SSDEEP

    24576:nyYGF0dfYc5TCw33sgeI+D/tV6ev7CftifzkLqREYj7:yYPbTCGcgtg6evytCzTSY

Malware Config

Extracted

  • Family

    redline

  • Botnet

    gigant

  • C2

    77.91.124.55:19071

Targets

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
