General

  • Target

    c92cbe5c378398dde534ee0f0b43e24006867a6aff2916e734f458b244a664b0

  • Size

    919KB

  • Sample

    231111-a1rbgscg85

  • MD5

    94c91def6f6ef57fa8330bed78f452a9

  • SHA1

    2ab52e104e3c1f189c0a231b2ea781d970a60e12

  • SHA256

    c92cbe5c378398dde534ee0f0b43e24006867a6aff2916e734f458b244a664b0

  • SHA512

    74464e1bce567aa615aadc93cd5d613462582d0e88af6781f54740441d73417087c5aa1fce60674b222bad7bef8ac941deba0134493d34da4a224a90a97d733f

  • SSDEEP

    24576:QyDaCj5UaeuIsKC/GdLYDxGNnXDz8CBvuDMdl+l:XRNet9EGW1G1v15u5

Malware Config

Extracted

  • Family

    redline

  • Botnet

    taiga

  • C2

    5.42.92.51:19057

Targets

    • Target

      c92cbe5c378398dde534ee0f0b43e24006867a6aff2916e734f458b244a664b0

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Adds Run key to start application

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks