General

  • Target

    db9de967bb2087cea2d05007fedd6ac6623377e1837a5c6dac81bcc30e0ef8d7

  • Size

    1.2MB

  • Sample

    231007-jcnecshg81

  • MD5

    a116cabb58a000b4110bb85db1036fdd

  • SHA1

    3f9ba924347bac386557f1927df9a849e3d1e741

  • SHA256

    db9de967bb2087cea2d05007fedd6ac6623377e1837a5c6dac81bcc30e0ef8d7

  • SHA512

    3b1ad48adad926aa4491d88dd17a528770c89743bd3ab767e9a14064b7c9e3763ce723edb4e31918d68566ac82f9c5c604a3d5fa5f6e55b09335a9b6090b2984

  • SSDEEP

    24576:eypkF+gIuO2O1Zwhnz24m+701wlgG4jgpuPINuU6PXNzWC:tpkJWez2Rt1wlSjyPrE

Malware Config

Extracted

Family

redline

Botnet

gigant

C2

77.91.124.55:19071

Targets

    • Target

      db9de967bb2087cea2d05007fedd6ac6623377e1837a5c6dac81bcc30e0ef8d7

    • Size

      1.2MB

    • MD5

      a116cabb58a000b4110bb85db1036fdd

    • SHA1

      3f9ba924347bac386557f1927df9a849e3d1e741

    • SHA256

      db9de967bb2087cea2d05007fedd6ac6623377e1837a5c6dac81bcc30e0ef8d7

    • SHA512

      3b1ad48adad926aa4491d88dd17a528770c89743bd3ab767e9a14064b7c9e3763ce723edb4e31918d68566ac82f9c5c604a3d5fa5f6e55b09335a9b6090b2984

    • SSDEEP

      24576:eypkF+gIuO2O1Zwhnz24m+701wlgG4jgpuPINuU6PXNzWC:tpkJWez2Rt1wlSjyPrE

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks