General

  • Target: 65ef57b643da55618230264c06bf8b7bb6598798927a22090172fdcb40d5e35f
  • Size: 917KB
  • Sample: 231111-agmh7abc5x
  • MD5: 107bf9d110cb622e19a723b31b6862ed
  • SHA1: 47ef197e7b595fae417fb8db440e925ae29f5ab6
  • SHA256: 65ef57b643da55618230264c06bf8b7bb6598798927a22090172fdcb40d5e35f
  • SHA512: eb3fa04b1d5840fe86b3356490dc973164e3db62336bf04090ce01e5dea7ee6f3bc0291f40a5b0873a1b97d0b00e4f47449d5cc3836203d1f677ea20f376d100
  • SSDEEP: 24576:KyG5x8aeuIsKC/GPLYDpgQ0IL0Jq5iNH0BLP/yPR:RG5HetrEG0qXIL0w5i9mD/y

Malware Config

Extracted

  • Family: redline
  • Botnet: taiga
  • C2: 5.42.92.51:19057

Targets

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Adds Run key to start application

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks