General

  • Target: 6d47aa09c7a09329a9231a56d97ff210.exe
  • Size: 1.3MB
  • Sample: 231111-at2tmscf67
  • MD5: 6d47aa09c7a09329a9231a56d97ff210
  • SHA1: 415cb37c62af100c927f0b00813943124a708a02
  • SHA256: 66b1566759888450b9a3427e8b9678255082eca6a69e3291e32bdf593ef60356
  • SHA512: d5ed8b0aa306fa6f52c8f90153c03ee43a812eecad01c351a2ac29be2373ccfb94ae68acbf5957b449356b79c48d5a6cdf0efc77aa4d6f0f93c51561bcbecc7c
  • SSDEEP: 24576:2yWHxH+xWvae6IstC/Gb1GD0x+q+p0fFOSkdil8gDZFdR6qZsAw:FWdSeBWSGoAlFOCD7XG

Malware Config

Extracted

  • Family: redline
  • Botnet: taiga
  • C2: 5.42.92.51:19057

Targets

    • Detect Mystic stealer payload
    • Mystic: Mystic is an infostealer written in C++.
    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • Executes dropped EXE
    • Adds Run key to start application
    • AutoIT Executable: AutoIT scripts compiled to PE executables.

MITRE ATT&CK Enterprise v15