General

  • Target

    d8255777959f052f8c011675483a307c63e57e21b3b35bd8f03b7eb52e786694

  • Size

    1.2MB

  • Sample

    231007-jkw2gahh4v

  • MD5

    8093311caea463a7e2fecd07655ad589

  • SHA1

    899edf7380341af9717b149cfa372df1f3b202bc

  • SHA256

    d8255777959f052f8c011675483a307c63e57e21b3b35bd8f03b7eb52e786694

  • SHA512

    896d609c152d7f4e5980c85f071ef590b0c970ebb912ba77149ee567d96fe696d399a5004ff8cc01a48835d576b227ffeed2d57dbdec589dee8f851feee1dea6

  • SSDEEP

    24576:4yM1WpIQ3vTnAEnkot5Rpi/+nCC2etJLZTVAgvjpPdMXaNuh:/6kpk0pOJC1ttZTqkPdZN

Malware Config

Extracted

Family

redline

Botnet

gigant

C2

77.91.124.55:19071

Targets

    • Target

      d8255777959f052f8c011675483a307c63e57e21b3b35bd8f03b7eb52e786694

    • Size

      1.2MB

    • MD5

      8093311caea463a7e2fecd07655ad589

    • SHA1

      899edf7380341af9717b149cfa372df1f3b202bc

    • SHA256

      d8255777959f052f8c011675483a307c63e57e21b3b35bd8f03b7eb52e786694

    • SHA512

      896d609c152d7f4e5980c85f071ef590b0c970ebb912ba77149ee567d96fe696d399a5004ff8cc01a48835d576b227ffeed2d57dbdec589dee8f851feee1dea6

    • SSDEEP

      24576:4yM1WpIQ3vTnAEnkot5Rpi/+nCC2etJLZTVAgvjpPdMXaNuh:/6kpk0pOJC1ttZTqkPdZN

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks