General

  • Target

    3a872ef10dc96593944f828707eb932d919624874d33e3ae7aa863770a7d28fd

  • Size

    917KB

  • Sample

    231110-2y63pshc2z

  • MD5

    41c7a5903151bb2a1315f270fb972394

  • SHA1

    92108cee9ff4985f179b3c1ca983568dcd9d3942

  • SHA256

    3a872ef10dc96593944f828707eb932d919624874d33e3ae7aa863770a7d28fd

  • SHA512

    68b510b77645f3db45a4e5852f55b096fa534a6ffe515e1dcf3cb57072f1cde8bb82d2fe4e17a0a8cbe978d90ee664e466a9f066ad5fcdfe93dbb5a35cb6d77d

  • SSDEEP

    24576:ty2dYqaeuIsuC/GRLYDnsw+86BicpP2I:I2dGetZEGKU8uDp2

Malware Config

Extracted

  • Family

    redline

  • Botnet

    taiga

  • C2

    5.42.92.51:19057

Targets

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Adds Run key to start application

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext
