General

  • Target

    b48de87798734baf63f0d8ff4998384942040a43411c6f39dc0908fd180c918d

  • Size

    1.3MB

  • Sample

    231110-3gcm7saa8w

  • MD5

    612491cda5fe267892d251373e7fed1f

  • SHA1

    2f1fa345a3ec7d96fdb15115609cd4ef28f56ef2

  • SHA256

    b48de87798734baf63f0d8ff4998384942040a43411c6f39dc0908fd180c918d

  • SHA512

    8172c0816cab7c3227b34c67c77559756d53ae9be5fdfed061bfcbe9de656f4d08d4ee994a9ef7c00e7aef3a5356a1c3decf1b07345b60ff80e222acfb744a99

  • SSDEEP

    24576:KysamPautaewIsOCJG8mCDrTSkb5tuEOtXXGjpS4oap3RY:Rfooe3fSG6Okrnm4S4oap3

Malware Config

Extracted

Family

redline

Botnet

taiga

C2

5.42.92.51:19057

Targets

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Adds Run key to start application

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks