General

  • Target: 763a6ac5ca7577747f5def6f61bca2d6bbf98cc600309ad93ef60967edb86f11

  • Size: 917KB

  • Sample: 231110-3n8zzsbc57

  • MD5: 1e5036f31f6fe30ed4a265f412a8c409

  • SHA1: 1cf78ba984b839d0344fcf89d7a79c0a8a861d49

  • SHA256: 763a6ac5ca7577747f5def6f61bca2d6bbf98cc600309ad93ef60967edb86f11

  • SHA512: 42c3422dd9e1315a4cfa2e64dc047df90c26bf883f41bcdd1e67908d417b4aad4ecb85354e0a5700694b41cc4e79004c7e307ff7e3ba908f20312c0761a083ea

  • SSDEEP: 24576:CMyzK5Rl/UuaeuIsCC/G3LYDmFywvGf5i5Dw:uIy3etlEGcmywufk

Malware Config

Extracted

  • Family: redline

  • Botnet: taiga

  • C2: 5.42.92.51:19057

Targets

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Adds Run key to start application

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15