General

  • Target

    file.exe

  • Size

    1.1MB

  • Sample

    231007-jnnjhacb77

  • MD5

    296f35d62c2257cd413d51f024c75a1c

  • SHA1

    e82beb9695d098dffce98113c13b740cfdc3ff89

  • SHA256

    94a52b41541782be436394203e3aca5b5fbea27a912766ffd07cddf66557c1e3

  • SHA512

    7768057079208dd928355e407f88ae42755a9bd44dffc110bec36ea436f5b7e7d350f1dd481e7ca6459e68114203988091460cf53092a6e4643a16421bc43d42

  • SSDEEP

    24576:OyxDRxeJHNtApa0ti0Th+01D6FhmtuIjqCn34j+qBr2EtNFQZ:dnxelNtApxi0Th+Ughmk/Cn3WJIEbF

Malware Config

Extracted

Family

redline

Botnet

frant

C2

77.91.124.55:19071

Extracted

Family

smokeloader

Version

2022

C2

http://77.91.68.29/fks/

rc4.i32
rc4.i32

Extracted

Family

redline

Botnet

gigant

C2

77.91.124.55:19071

Targets

    • Target

      file.exe

    • Size

      1.1MB

    • MD5

      296f35d62c2257cd413d51f024c75a1c

    • SHA1

      e82beb9695d098dffce98113c13b740cfdc3ff89

    • SHA256

      94a52b41541782be436394203e3aca5b5fbea27a912766ffd07cddf66557c1e3

    • SHA512

      7768057079208dd928355e407f88ae42755a9bd44dffc110bec36ea436f5b7e7d350f1dd481e7ca6459e68114203988091460cf53092a6e4643a16421bc43d42

    • SSDEEP

      24576:OyxDRxeJHNtApa0ti0Th+01D6FhmtuIjqCn34j+qBr2EtNFQZ:dnxelNtApxi0Th+Ughmk/Cn3WJIEbF

    • Detect Mystic stealer payload

    • Modifies Windows Defender Real-time Protection settings

    • Mystic

      Mystic is an infostealer written in C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks