General

  • Target

    f91777b5b6c3bb6f5e4dcb323114d76f921523a62e63c7d30adea1a13d8873b0

  • Size

    917KB

  • Sample

    231110-3v1besbf27

  • MD5

    50e8abc58235e9ec7b021daff0be4df7

  • SHA1

    e56326514a8ae27675f404d0022cb658010d2842

  • SHA256

    f91777b5b6c3bb6f5e4dcb323114d76f921523a62e63c7d30adea1a13d8873b0

  • SHA512

    215afc3d26e898e76dff5846ba328e1ef4a7b7406ad2406260e60e56f507c6d21220c0796b79f6a781b3285d0ce9eb115b479f8e61134569a296f4a74c1c01e2

  • SSDEEP

    12288:6Mrcy90Cif9S5zRHncHqJCcU+aex4IC5upCPHG9PPLvTMXiYQjDqVbWQSz1W5iqJ:6ykFeCqU+aeuIsKC/G5LYDoOh0mhA0

Malware Config

Extracted

Family

redline

Botnet

taiga

C2

5.42.92.51:19057

Targets

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Adds Run key to start application

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Detected potential entity reuse from brand paypal.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks