General

  • Target

    ebf7b5b43a4c4df1596a7d681a5a93f3ebbdd7ee95e370d319ecba7c09e9948d

  • Size

    1.3MB

  • Sample

    231111-asyqlacf36

  • MD5

    5b72b0e1616e69909f6a02675c4f4f0f

  • SHA1

    463910dd75977cf22b773eed8d66240fac07b392

  • SHA256

    ebf7b5b43a4c4df1596a7d681a5a93f3ebbdd7ee95e370d319ecba7c09e9948d

  • SHA512

    e1f0de40885c7af3086565886b8214e5c70f6c87b6c0306b9b05432b593bfca6d3055d750cdb0c4606bffd0c82f33a3186a33267a3a7039d662fba86070449a6

  • SSDEEP

    24576:SywO8/0OzWjpo9KaeIIsDCtGoC0Dl0PJbzHzyof7CG95bAfdU3cqRXG:5F8sOzWju9jefoiGgR8/HzhTCwp0UMqR

Malware Config

Extracted

  • Family

    redline

  • Botnet

    taiga

  • C2

    5.42.92.51:19057

Targets

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Adds Run key to start application

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks