General

  • Target

    fb60cd64c4b696bfb22764c05395e15e067025fd2c58c2188106ccb39bf30313

  • Size

    918KB

  • Sample

    231110-3g6laaab3w

  • MD5

    039cbb9809ef179e6182636c1e29a8c6

  • SHA1

    f2ae152f90e6ace214cbf7979625d2bcd7031997

  • SHA256

    fb60cd64c4b696bfb22764c05395e15e067025fd2c58c2188106ccb39bf30313

  • SHA512

    7c4d39d0efc318d77fcdfd090f18226f259c2c1fa2f627b7a27faa49937e29ddd46b994e42da040323a8e0972fe08239783e5c7c4b0959097b9a94aad622aae7

  • SSDEEP

    24576:Eywok4ebaeuIsKC/GvLYDSo2XGB6kHoVKImfBh:ThBetrEGUZ2XGhjB

Malware Config

Extracted

Family

redline

Botnet

taiga

C2

5.42.92.51:19057

Targets

    • Target

      fb60cd64c4b696bfb22764c05395e15e067025fd2c58c2188106ccb39bf30313

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Adds Run key to start application

      Persistence via a Run registry key (HKCU or HKLM ...\CurrentVersion\Run), so the payload is launched again at each logon.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Detected potential entity reuse from brand PayPal.

    • Suspicious use of SetThreadContext

      Rewriting another thread's context is typical of process hollowing, where a process is created suspended, its image is replaced, and the entry point is redirected to the injected payload before the thread is resumed.
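The indicators above (the file hashes and the extracted RedLine C2 endpoint 5.42.92.51:19057) are only useful once they are turned into checks. The following is an added example written for this page, not sandbox or RedLine code: it hashes a file and compares it to the report, flags the compiled-AutoIt marker, and scans connection logs for the C2 endpoint. The log lines are constructed for the example and the AutoIt check assumes the "AU3!EA06" marker found in AutoIt v3 compiled scripts; the fuzzy (SSDEEP) hash is deliberately not compared here because that needs the ssdeep library.

```python
"""IOC checks derived from the sandbox report above (added example, not sandbox code)."""
import hashlib

# Indicators copied from the report.
REPORT_HASHES = {
    "md5": "039cbb9809ef179e6182636c1e29a8c6",
    "sha1": "f2ae152f90e6ace214cbf7979625d2bcd7031997",
    "sha256": "fb60cd64c4b696bfb22764c05395e15e067025fd2c58c2188106ccb39bf30313",
}
C2_HOST = "5.42.92.51"
C2_PORT = 19057

# Assumption: compiled AutoIt v3 scripts embed this marker in the script resource.
AUTOIT_MARKER = b"AU3!EA06"


def hash_bytes(data: bytes) -> dict:
    """Return the same three digests the report lists, lower-case hex."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_report_sample(data: bytes) -> bool:
    """True only if every digest matches; one mismatch means a different file."""
    return hash_bytes(data) == REPORT_HASHES


def has_autoit_marker(data: bytes) -> bool:
    """Cheap static check for an AutoIt-compiled PE (marker assumed, see above)."""
    return AUTOIT_MARKER in data


# Constructed Zeek conn.log-style lines: ts, src, sport, dst, dport, proto (tab separated).
SAMPLE_CONN_LOG = (
    "1699668001.123\t10.0.0.15\t51234\t5.42.92.51\t19057\ttcp\n"
    "1699668002.456\t10.0.0.15\t51235\t93.184.216.34\t443\ttcp\n"
    "1699668003.789\t10.0.0.22\t51236\t5.42.92.51\t443\ttcp\n"
)


def find_c2_connections(log_text: str, host: str = C2_HOST,
                        port: int = C2_PORT, strict: bool = True) -> list:
    """Return connections to the C2.

    strict=True requires host AND port (high confidence, the extracted config).
    strict=False matches the host on any port, since C2 hosts are commonly
    reused with other ports or by other builds of the same family.
    """
    hits = []
    for line in log_text.splitlines():
        fields = line.split("\t")
        if len(fields) < 6:
            continue  # skip malformed lines rather than crash the sweep
        ts, src, _sport, dst, dport, _proto = fields[:6]
        if dst != host:
            continue
        if strict and int(dport) != port:
            continue
        hits.append({"ts": ts, "src": src, "dst": dst, "dport": int(dport)})
    return hits


def scan_file(path: str) -> dict:
    """Hash a local file and apply both static checks; the report's own sample is not shipped here."""
    with open(path, "rb") as fh:
        data = fh.read()
    return {
        "hashes": hash_bytes(data),
        "is_report_sample": matches_report_sample(data),
        "autoit_marker": has_autoit_marker(data),
    }


if __name__ == "__main__":
    for hit in find_c2_connections(SAMPLE_CONN_LOG, strict=False):
        print(hit)
```

Match on the full host:port pair first; a host-only match on a different port is worth a look but should be treated as lower confidence. Hash matches are exact-file matches only, so a repacked or recompiled build of the same stealer will not hit them, which is why the C2 and behavioural signatures matter more than the digests for ongoing detection.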

MITRE ATT&CK Enterprise v15

Tasks