General

  • Target

    b298303152bfafb02b472b9c996d16301ea06dbff1cd9ce33b093804c003bdc2

  • Size

    1.3MB

  • Sample

    231111-b9e59aeh38

  • MD5

    73301f5691f4ab90d7f23333c33051da

  • SHA1

    a5daabc556f12d0108df5d8c9c1046f473e49b7b

  • SHA256

    b298303152bfafb02b472b9c996d16301ea06dbff1cd9ce33b093804c003bdc2

  • SHA512

    0369c5775f33fec77567fbce9d1fb5e09490b1a3848815c8606eb512d04c1a927247fbe6e146f42243e3b9be82a83f8325910f8785f27c905f0b7fd5745ac1a0

  • SSDEEP

    24576:RyVzwmxGJZIVS4NkvaeSIsiC6G6ZUDaKILN4jP+jFs7K/5tMncn2C:EVzweS73Sepj1GfmKtNKbB

Malware Config

Extracted

Family

redline

Botnet

taiga

C2

5.42.92.51:19057

Targets

    • Target

      b298303152bfafb02b472b9c996d16301ea06dbff1cd9ce33b093804c003bdc2

    • Size

      1.3MB

    • MD5

      73301f5691f4ab90d7f23333c33051da

    • SHA1

      a5daabc556f12d0108df5d8c9c1046f473e49b7b

    • SHA256

      b298303152bfafb02b472b9c996d16301ea06dbff1cd9ce33b093804c003bdc2

    • SHA512

      0369c5775f33fec77567fbce9d1fb5e09490b1a3848815c8606eb512d04c1a927247fbe6e146f42243e3b9be82a83f8325910f8785f27c905f0b7fd5745ac1a0

    • SSDEEP

      24576:RyVzwmxGJZIVS4NkvaeSIsiC6G6ZUDaKILN4jP+jFs7K/5tMncn2C:EVzweS73Sepj1GfmKtNKbB

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Adds Run key to start application

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks