General

  • Target

    d543b9735c540cc6703db59e7cdc901b.bin

  • Size

    868KB

  • Sample

    231011-jcnecsbh22

  • MD5

    ef16a4fe3085f80f6df2ef27f3aaa370

  • SHA1

    c28675aec5fbe9e4824f735d15a74f53cdf88aac

  • SHA256

    b60e6acb1683e8b9b7d8eaf9bd41f0028c9de2aff3bf330c1b73c0735050fd7a

  • SHA512

    46bedd25e3e6c25e1a8379c3a087de862f38eb7089eb4f774d2b953b503d1ab68c034a1434c4031f82e12e7b88bc5c02840584ef4404ef3c26435d2de776f924

  • SSDEEP

    24576:N2opWo49eKGq5x6R2KjXf9LIjaR+BN1F43P9:spxkbf9LIj97FEP9

Malware Config

Extracted

Family

redline

Botnet

luate

C2

77.91.124.55:19071

Attributes
  • auth_value

    e45cd419aba6c9d372088ffe5629308b

Targets

    • Target

      f0efdb440af65c3ccc31797a2725ec5762ca1dd7918c77211cf23f88b70513eb.exe

    • Size

      912KB

    • MD5

      d543b9735c540cc6703db59e7cdc901b

    • SHA1

      afe133337f5a4e369a6ea0b1b343396877deb4ee

    • SHA256

      f0efdb440af65c3ccc31797a2725ec5762ca1dd7918c77211cf23f88b70513eb

    • SHA512

      753e225c1cb2e201f1ce9e9dbcd872ff8973dd6f5e0b3cf29e9d7185c7faaebaae12fb573f182d57d0715432ec7c6d74eae872dbab9a5c01f0d989fc772335f0

    • SSDEEP

      24576:6y/N4VI3ja2E40UXN7eKmsqV1B7Aj5Pv:BVg0a3UXdeKm93B7Aj

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
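
The hashes and the extracted C2 above are the indicators a responder would sweep for. The following is an added example (not part of the sandbox report or its vendor's tooling) that checks a file's MD5/SHA1/SHA256 against the listed hashes and scans connection log lines for the RedLine C2 `77.91.124.55:19071`; the file bytes and the `dst=` log format are constructed for the demonstration, and SSDEEP is left out because it needs a third-party library.

```python
"""IOC matching for the sandbox report above.

Added example (not part of the report or the sandbox vendor's tooling).
Standard library only; sample bytes and log lines are constructed here.
"""
import hashlib
import re

# File hashes exactly as listed in the report (outer .bin and inner .exe).
FILE_IOCS = {
    "md5": {
        "ef16a4fe3085f80f6df2ef27f3aaa370",
        "d543b9735c540cc6703db59e7cdc901b",
    },
    "sha1": {
        "c28675aec5fbe9e4824f735d15a74f53cdf88aac",
        "afe133337f5a4e369a6ea0b1b343396877deb4ee",
    },
    "sha256": {
        "b60e6acb1683e8b9b7d8eaf9bd41f0028c9de2aff3bf330c1b73c0735050fd7a",
        "f0efdb440af65c3ccc31797a2725ec5762ca1dd7918c77211cf23f88b70513eb",
    },
}

# Extracted RedLine C2 from the report.
C2_HOST, C2_PORT = "77.91.124.55", 19071

# Constructed firewall-style log lines (not from the report); the "dst=" field
# is the format this example assumes.
SAMPLE_LOG = [
    "2023-10-11T09:11:58Z src=10.0.0.5:49810 dst=142.250.74.46:443 proto=tcp",
    "2023-10-11T09:12:03Z src=10.0.0.5:49812 dst=77.91.124.55:19071 proto=tcp",
    "2023-10-11T09:12:40Z src=10.0.0.5:49815 dst=77.91.124.55:80 proto=tcp",
]

_DST_RE = re.compile(r"\bdst=(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})\b")


def hash_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256 hex digests for a blob (the three the report lists)."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def match_file(data: bytes, iocs: dict = FILE_IOCS) -> list:
    """Names of the hash algorithms whose digest of `data` appears in `iocs`."""
    digests = hash_bytes(data)
    return sorted(alg for alg, value in digests.items() if value in iocs.get(alg, ()))


def match_c2(lines, host=C2_HOST, port=C2_PORT) -> list:
    """Find lines whose destination is the C2 host.

    `exact` is True when the port also matches; a same-host/other-port hit is
    still reported, because a host reused on another port is worth a look.
    """
    hits = []
    for idx, line in enumerate(lines):
        m = _DST_RE.search(line)
        if not m or m.group(1) != host:
            continue
        hits.append({"index": idx, "dst": f"{m.group(1)}:{m.group(2)}",
                     "exact": int(m.group(2)) == port})
    return hits


if __name__ == "__main__":
    print(match_file(b"constructed bytes, not the real sample"))
    for hit in match_c2(SAMPLE_LOG):
        print(hit)
```

`match_file` hashes the full file once and reports every algorithm that hit, so a single-algorithm match (for example an MD5 collision or a partial feed) stands out from a three-way match. `match_c2` reports host-only hits as non-exact rather than dropping them, since the report fixes the C2 port but an operator can change it between samples.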

MITRE ATT&CK Enterprise v15

Tasks