General

  • Target

    7b2cb7f28305a21f2cc50b73de332f6cd208aa17635df78267653f360f4fbdc7

  • Size

    1.2MB

  • Sample

    231007-jynbgscc36

  • MD5

    fe46391dc5016002f6c055e6e79cbc03

  • SHA1

    613b2c77e100eb2726df23214a78cd8016fcef4b

  • SHA256

    7b2cb7f28305a21f2cc50b73de332f6cd208aa17635df78267653f360f4fbdc7

  • SHA512

    52c09b08557aa9f4bdcacd45ab0166d49340143952bb97605b0734667d79fa9483b2840b36cb21b4c011875ab8d84a8311a159632c514fde4a7484edec3712ee

  • SSDEEP

    24576:PyRA8U39e4BiN97ze+upsE9ZbRvAQ+l99T5eiGzZ0U6ddu:aRTUN9i/7q+KRv789FfYZ0Uu

Malware Config

Extracted

Family

redline

Botnet

gigant

C2

77.91.124.55:19071
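The extracted C2 socket above and the file hashes in the General section are the indicators a responder would pivot on. The following Python is an added example for this write-up, not part of the sandbox report: it hashes a candidate file with the same algorithms the report lists, normalises digests exported from an EDR console, and scans Zeek conn.log and Suricata EVE records for the C2 host. The Zeek and EVE field names are the real ones; the log lines, internal IPs and uids are constructed for illustration. A same-host, different-port connection is scored lower than the exact socket because the report fixes one port, and operators can move it while keeping the host.

```python
"""Match this report's indicators against constructed network and file telemetry.

Added example; not part of the sandbox report. All log lines are constructed.
"""
from __future__ import annotations

import hashlib
import json
from dataclasses import dataclass
from typing import Optional

# Indicators copied verbatim from the report above.
REPORT_HASHES = {
    "md5": "fe46391dc5016002f6c055e6e79cbc03",
    "sha1": "613b2c77e100eb2726df23214a78cd8016fcef4b",
    "sha256": "7b2cb7f28305a21f2cc50b73de332f6cd208aa17635df78267653f360f4fbdc7",
}
C2_IP, C2_PORT = "77.91.124.55", 19071


@dataclass(frozen=True)
class Hit:
    source: str    # which record produced the hit
    severity: str  # "high": exact ip:port; "medium": C2 host on another port
    detail: str


def match_hashes(data: bytes) -> dict[str, bool]:
    """Hash file bytes with each algorithm the report lists and compare per algorithm."""
    return {alg: getattr(hashlib, alg)(data).hexdigest() == known
            for alg, known in REPORT_HASHES.items()}


def is_report_hash(hexdigest: str) -> Optional[str]:
    """Return the algorithm name if a digest exported from an EDR/AV console
    (any case, stray whitespace) equals one of the report's hashes."""
    h = hexdigest.strip().lower()
    for alg, known in REPORT_HASHES.items():
        if h == known:
            return alg
    return None


def _check_dst(source: str, ip: str, port: int) -> Optional[Hit]:
    """Score a destination against the C2 indicator."""
    if ip != C2_IP:
        return None
    return Hit(source, "high" if port == C2_PORT else "medium", f"dst {ip}:{port}")


def scan_zeek_conn(text: str) -> list[Hit]:
    """Zeek conn.log: TSV whose column order is given by the '#fields' header line."""
    hits, fields = [], None
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
            continue
        if not line or line.startswith("#") or fields is None:
            continue
        rec = dict(zip(fields, line.split("\t")))
        try:
            port = int(rec["id.resp_p"])
        except (KeyError, ValueError):
            continue  # malformed or non-TCP/UDP row
        hit = _check_dst(f"zeek uid={rec.get('uid', '?')}", rec.get("id.resp_h", ""), port)
        if hit:
            hits.append(hit)
    return hits


def scan_eve_json(text: str) -> list[Hit]:
    """Suricata EVE: one JSON object per line; non-JSON lines are skipped."""
    hits = []
    for line in text.splitlines():
        try:
            ev = json.loads(line)
            port = int(ev.get("dest_port", -1))
        except (json.JSONDecodeError, TypeError, ValueError):
            continue
        hit = _check_dst(f"eve {ev.get('event_type', '?')}", str(ev.get("dest_ip", "")), port)
        if hit:
            hits.append(hit)
    return hits


# Constructed sample telemetry (not real captures).
ZEEK_SAMPLE = "\n".join([
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto",
    "1696700000.1\tCx1\t10.0.0.5\t49812\t77.91.124.55\t19071\ttcp",  # exact C2 socket
    "1696700010.2\tCx2\t10.0.0.7\t49901\t77.91.124.55\t443\ttcp",    # C2 host, other port
    "1696700020.3\tCx3\t10.0.0.9\t50120\t142.250.74.46\t443\ttcp",   # unrelated
])
EVE_SAMPLE = "\n".join([
    json.dumps({"event_type": "flow", "src_ip": "10.0.0.5", "dest_ip": "77.91.124.55",
                "dest_port": 19071, "proto": "TCP"}),
    json.dumps({"event_type": "dns", "src_ip": "10.0.0.5", "dest_ip": "10.0.0.1",
                "dest_port": 53, "proto": "UDP"}),
    "not json at all",
])


def hunt() -> list[Hit]:
    """Run both scanners over the constructed samples."""
    return scan_zeek_conn(ZEEK_SAMPLE) + scan_eve_json(EVE_SAMPLE)


if __name__ == "__main__":
    for h in hunt():
        print(f"[{h.severity}] {h.source}: {h.detail}")
    print(is_report_hash("FE46391DC5016002F6C055E6E79CBC03"))  # md5
```

The SSDEEP value is deliberately not handled here: Python's standard library has no fuzzy-hash support, and a similarity match needs the external ssdeep binding rather than an equality test.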

Targets

    • Target

      7b2cb7f28305a21f2cc50b73de332f6cd208aa17635df78267653f360f4fbdc7

    • Size

      1.2MB

    • MD5

      fe46391dc5016002f6c055e6e79cbc03

    • SHA1

      613b2c77e100eb2726df23214a78cd8016fcef4b

    • SHA256

      7b2cb7f28305a21f2cc50b73de332f6cd208aa17635df78267653f360f4fbdc7

    • SHA512

      52c09b08557aa9f4bdcacd45ab0166d49340143952bb97605b0734667d79fa9483b2840b36cb21b4c011875ab8d84a8311a159632c514fde4a7484edec3712ee

    • SSDEEP

      24576:PyRA8U39e4BiN97ze+upsE9ZbRvAQ+l99T5eiGzZ0U6ddu:aRTUN9i/7q+KRv789FfYZ0Uu

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks