General

  • Target

    7da201e492ebc04a834ceea3e26f0d31c961753447913cb5b1f8a1b334527daa

  • Size

    917KB

  • Sample

    231111-atswqscf63

  • MD5

    470f0aaa32c50a9b18ebc7775729d3fa

  • SHA1

    934d9b0c34ff9f17389dca270e4d1e05b2560f70

  • SHA256

    7da201e492ebc04a834ceea3e26f0d31c961753447913cb5b1f8a1b334527daa

  • SHA512

    da2d0ff6da6df3a0185e206c23397437c50a24b8ecf02028f126a27aad3fbc7a0bcdb7bb3ded4cc6939c1ea50251cfbbdb5fb3f3e1389c461b761c8c2b537cc3

  • SSDEEP

    12288:DMr9y90BUbr0NldHC7aex4IC5epCPHGg6PLvTMXiYQbDXG9MNmEHqQUKI6f7JeTk:qyWUG5kaeuIs6C/GFLYDBQUKI6f7SpC

Malware Config

Extracted

  • Family

    redline

  • Botnet

    taiga

  • C2

    5.42.92.51:19057

Targets

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Adds Run key to start application

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.
