General

  • Target

    aa655275f38f95ad181fd5383b3b6a42f964b866a412aca2c72ce7fac1371ab7

  • Size

    1.2MB

  • Sample

    231007-h8dz5aca76

  • MD5

    19373473cc896e8f8c6925fba51ee712

  • SHA1

    de3dcf041132a75b2bfc6d8fecd3df5ef09ec060

  • SHA256

    aa655275f38f95ad181fd5383b3b6a42f964b866a412aca2c72ce7fac1371ab7

  • SHA512

    e8248657272aa4767bdf9a7e87ed58ec25c8f6e8982fa15d9ed3cbbbf7925262631fb14300568fecf197dfa33b1e623b0415b13fa849b1a1c68144cc17bd4fa4

  • SSDEEP

    24576:3yDQ6zkL5fS+Ae2zlyi1yTa+rAtaozZwnG2edX5q00afq+s/rf:CDQ6QVfNAezi1y2+oyncO09sD

Malware Config

Extracted

Family

redline

Botnet

gigant

C2

77.91.124.55:19071

Targets

    • Target

      aa655275f38f95ad181fd5383b3b6a42f964b866a412aca2c72ce7fac1371ab7

    • Size

      1.2MB

    • MD5

      19373473cc896e8f8c6925fba51ee712

    • SHA1

      de3dcf041132a75b2bfc6d8fecd3df5ef09ec060

    • SHA256

      aa655275f38f95ad181fd5383b3b6a42f964b866a412aca2c72ce7fac1371ab7

    • SHA512

      e8248657272aa4767bdf9a7e87ed58ec25c8f6e8982fa15d9ed3cbbbf7925262631fb14300568fecf197dfa33b1e623b0415b13fa849b1a1c68144cc17bd4fa4

    • SSDEEP

      24576:3yDQ6zkL5fS+Ae2zlyi1yTa+rAtaozZwnG2edX5q00afq+s/rf:CDQ6QVfNAezi1y2+oyncO09sD

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks