General

  • Target

    0bd838102a59a3cecddbafddd887bbd6011c2493139cbb02b92c9854e54e818e

  • Size

    1.2MB

  • Sample

    231007-hdzckshe81

  • MD5

    1a60bd560307b2bc5f296236b712d04d

  • SHA1

    e27e61df43a504e4ae76ce8598fa7e30635f5c52

  • SHA256

    0bd838102a59a3cecddbafddd887bbd6011c2493139cbb02b92c9854e54e818e

  • SHA512

    88eed991bae751de16fffd6a91b90eebdbeee4643e5dd3a3b1364f363ad0836af5eb71eab3fe9062f12356320c92ab92ca8be5293960e85ae5ba4a2ce39adf4b

  • SSDEEP

    24576:qyRG0Xu0fSL+Jm0U5WE+e9uRierIoFqEvdO7MQdjcozQ:xR9Xu0f00m0U5F5q9hlO4Qdjco

Malware Config

Extracted

Family

redline

Botnet

gigant

C2

77.91.124.55:19071

Targets

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks