General

  • Target

    4b2b83f77c6d81f60d963a3d35562930e3631bc83c02f5b66faf0f12484b6eac

  • Size

    908KB

  • Sample

    231011-mqmlrsbc46

  • MD5

    939f12f6f0ef949958e6835b42998c67

  • SHA1

    0f87bda2f9f0ecf6bd0dde9fefe7ed865a747388

  • SHA256

    4b2b83f77c6d81f60d963a3d35562930e3631bc83c02f5b66faf0f12484b6eac

  • SHA512

    1ab6f2979aa977fc871b076d78d35948cfec1e2e6c3fe4cab62ebdfe9bf4818a79308c912906135c58d5a85f5ad7969509b40353ba3f4f499c36ede301939591

  • SSDEEP

    24576:syqXpmgNgmulSfDNjrpbWcyLHrEGuglXrarYf:bqXpmgNmlSffWcyAGn4k

Malware Config

Extracted

  • Family

    redline

  • Botnet

    luate

  • C2

    77.91.124.55:19071

  • Attributes

    auth_value: e45cd419aba6c9d372088ffe5629308b
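The extracted config gives one actionable network IOC (the C2 ip:port) and a set of file hashes. The script below is an added example, not part of the sandbox report: it validates the C2 string the way RedLine stores it, matches it against a constructed Zeek-style connection log, and hashes arbitrary bytes against the report's digests. The log lines and the dummy bytes are constructed for illustration; the IOC values are copied from the report.

```python
"""Added example: turn the extracted RedLine config into checks over
connection logs and file hashes. Log lines below are constructed."""
import hashlib
import ipaddress

# IOCs copied from the report above.
C2 = "77.91.124.55:19071"
SAMPLE_HASHES = {
    "md5": "939f12f6f0ef949958e6835b42998c67",
    "sha1": "0f87bda2f9f0ecf6bd0dde9fefe7ed865a747388",
    "sha256": "4b2b83f77c6d81f60d963a3d35562930e3631bc83c02f5b66faf0f12484b6eac",
}


def parse_c2(value):
    """Split an 'ip:port' string as RedLine configs store it.

    Both halves are validated so a malformed config field cannot turn
    into a blocklist entry that matches nothing (or everything)."""
    host, sep, port = value.rpartition(":")
    if not sep:
        raise ValueError(f"no port in C2 string: {value!r}")
    ip = ipaddress.ip_address(host)  # raises ValueError on junk
    port = int(port)
    if not 0 < port < 65536:
        raise ValueError(f"bad port in C2 string: {value!r}")
    return str(ip), port


# Constructed Zeek-style conn records: ts, src, sport, dst, dport (tab separated).
CONN_LOG = (
    "1697040101.1\t10.0.0.12\t51422\t77.91.124.55\t19071\n"
    "1697040102.2\t10.0.0.12\t51423\t142.250.74.78\t443\n"
    "1697040103.3\t10.0.0.15\t51424\t77.91.124.55\t80\n"
    "1697040104.4\t10.0.0.20\t51425\t77.91.124.55\t19071"
)


def find_c2_connections(log_text, c2_list):
    """Return (exact, same_ip) lists of (src, dst, dport) tuples.

    'exact' is a flow to the configured ip:port; 'same_ip' is a flow to the
    C2 host on another port, reported separately because operators move
    ports between builds while reusing the host."""
    c2 = {parse_c2(c) for c in c2_list}
    c2_ips = {ip for ip, _ in c2}
    exact, same_ip = [], []
    for line in log_text.splitlines():
        _ts, src, _sport, dst, dport = line.split("\t")
        dport = int(dport)
        if (dst, dport) in c2:
            exact.append((src, dst, dport))
        elif dst in c2_ips:
            same_ip.append((src, dst, dport))
    return exact, same_ip


def hash_matches(data, known=SAMPLE_HASHES):
    """Hash file bytes with each algorithm the report lists and return the
    names of the algorithms whose digest equals the report's value."""
    digests = {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }
    return sorted(name for name, d in digests.items() if known.get(name) == d)


if __name__ == "__main__":
    exact, same_ip = find_c2_connections(CONN_LOG, [C2])
    print("exact C2 hits:", exact)
    print("same host, other port:", same_ip)
    # Constructed bytes; will not match the sample's digests.
    print("hash matches for dummy bytes:", hash_matches(b"not the sample"))
```

Feed `find_c2_connections` real conn.log or firewall export lines with the same five fields and `hash_matches` the bytes of a quarantined file; a same-host hit on a port other than 19071 is worth a look even though it is not an exact config match.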

Targets

    • Target

      4b2b83f77c6d81f60d963a3d35562930e3631bc83c02f5b66faf0f12484b6eac

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      Persistence via a value under HKCU or HKLM \Software\Microsoft\Windows\CurrentVersion\Run, so the payload is relaunched at each logon.

    • Suspicious use of SetThreadContext

      Rewriting another process's thread context is the step in process hollowing that redirects a suspended process to injected code; legitimate software rarely calls it.
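Two of the behaviours listed above leave host-side telemetry that is easy to check: a Run-key value being set, and an executable running from a drop location. The script below is an added example, not part of the sandbox report: it scans constructed Sysmon-style events (EventID 13 registry value set, EventID 1 process create) and raises the Run-key finding to high severity when the value points at a dropped binary, the combination this sample exhibits. The SetThreadContext signature is an API-level observation and is not covered here. All paths and SIDs in the events are hypothetical.

```python
"""Added example: flag Run-key persistence and dropped-EXE execution in
Sysmon-style events. Events are constructed; paths and SIDs are hypothetical."""
import re

# Constructed events in the shape Sysmon emits for EventID 1 (process create)
# and EventID 13 (registry value set). Not from the analysed sample.
EVENTS = [
    {"EventID": 1,
     "Image": r"C:\Users\u\AppData\Local\Temp\IXP000.TMP\a.exe",
     "ParentImage": r"C:\Users\u\Downloads\setup.exe"},
    {"EventID": 13, "EventType": "SetValue",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\a",
     "Details": r"C:\Users\u\AppData\Local\Temp\IXP000.TMP\a.exe"},
    {"EventID": 13, "EventType": "SetValue",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Desktop",
     "Details": r"C:\Users\u\Desktop"},
    {"EventID": 1,
     "Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
]

# Run and RunOnce under CurrentVersion, any hive.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\(Run|RunOnce)\\", re.IGNORECASE)
# Locations installers and loaders typically drop payloads into.
DROP_DIR_RE = re.compile(r"\\(Temp|AppData\\(Local|Roaming))\\", re.IGNORECASE)


def detect(events):
    """Return (rule, severity, subject) tuples for matching events.

    A Run value whose data points into a drop directory is rated high:
    persistence for a freshly dropped binary is the pattern the report's
    'Adds Run key' and 'Executes dropped EXE' signatures describe together."""
    findings = []
    for ev in events:
        eid = ev.get("EventID")
        if eid == 13 and RUN_KEY_RE.search(ev.get("TargetObject", "")):
            severity = "high" if DROP_DIR_RE.search(ev.get("Details", "")) else "medium"
            findings.append(("run_key_persistence", severity, ev["TargetObject"]))
        elif eid == 1 and DROP_DIR_RE.search(ev.get("Image", "")):
            findings.append(("dropped_exe_executed", "medium", ev["Image"]))
    return findings


if __name__ == "__main__":
    for rule, severity, subject in detect(EVENTS):
        print(f"{severity:6} {rule:24} {subject}")
```

Point `detect` at events parsed from a Sysmon EVTX export or a SIEM search; the Shell Folders write and the notepad launch are included to show that ordinary CurrentVersion writes and system-directory processes do not fire.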

MITRE ATT&CK Enterprise v15

Tasks