General

  • Target

    e2ac957d5639c1c5bc9365269cb27c6a2b3994d6fe2e76d0e03cb19ab4676042

  • Size

    918KB

  • Sample

    231110-2mvwasgf5w

  • MD5

    5b66eed2ad68106a89a6f3b73c218a84

  • SHA1

    5c22bab74d2e1c471998f6c6d0d54c765cda2919

  • SHA256

    e2ac957d5639c1c5bc9365269cb27c6a2b3994d6fe2e76d0e03cb19ab4676042

  • SHA512

    d67fd8c22f9a79a833d192d92166975ba7ef154460304ef5d74ef929a079a7dabcf46e92e4868d349b45c847a41fad74925ac27e2344a1edfa80f53aa150c878

  • SSDEEP

    24576:ayyvT58aeuIs6C/GfLYDyYMQGbWwJgEemlk4:hylFetVEGkrGbDJbewk

Malware Config

Extracted

Family

redline

Botnet

taiga

C2

5.42.92.51:19057

Targets

    • Target

      e2ac957d5639c1c5bc9365269cb27c6a2b3994d6fe2e76d0e03cb19ab4676042

    • Size

      918KB

    • MD5

      5b66eed2ad68106a89a6f3b73c218a84

    • SHA1

      5c22bab74d2e1c471998f6c6d0d54c765cda2919

    • SHA256

      e2ac957d5639c1c5bc9365269cb27c6a2b3994d6fe2e76d0e03cb19ab4676042

    • SHA512

      d67fd8c22f9a79a833d192d92166975ba7ef154460304ef5d74ef929a079a7dabcf46e92e4868d349b45c847a41fad74925ac27e2344a1edfa80f53aa150c878

    • SSDEEP

      24576:ayyvT58aeuIs6C/GfLYDyYMQGbWwJgEemlk4:hylFetVEGkrGbDJbewk

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Adds Run key to start application

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks