General

  • Target

    09ea418a58b0ce618ac768488983107a.bin

  • Size

    467KB

  • Sample

    231111-bc9nladd74

  • MD5

    1f1ddb689bb566726a15bde9674c511a

  • SHA1

    bb5f044986ca6fe31cf1da4b7a3ec010ee96e51a

  • SHA256

    ddd00337ce7006f0adb4957a1a3f85b4a70b0efffce5857b0ffcf9e542585d4e

  • SHA512

    540cbc909975ee9dd8bab6f50675be1b7305f289d0376de65d52e51a3029a470bb58db47a75187b79c592f1fc7efec09261dd8248e7dc174e59dc7dc356b0515

  • SSDEEP

    6144:fo2cAlJRNmUpinh+9Lh4//VRI+RNPElAZp1mkJT81DLDLjyz+KjroP8UBm98FXe6:wmJRNdVkVRRVElAP85fabj8FOH0okH

Malware Config

Extracted

Family

redline

Botnet

taiga

C2

5.42.92.51:19057

Targets

    • Target

      c10a2bf3195e2845d300da532b6dd148b5ec3630307fb04ddc01e0cbd381d0ed.bin

    • Size

      511KB

    • MD5

      09ea418a58b0ce618ac768488983107a

    • SHA1

      10320817bbcd26c582083177811e5c142b39a44c

    • SHA256

      c10a2bf3195e2845d300da532b6dd148b5ec3630307fb04ddc01e0cbd381d0ed

    • SHA512

      aa0038af96e663391a94b4f6bae53e5a6c8c91041bacb9185ca83a9b40ac78fc0150cebe8b82e4f778e50a6ade4898c29bf4b4d3269108ea50ea52628a8bb3ec

    • SSDEEP

      12288:PMrsy902IhgTbZ6vwpe8Y8TUs2MuX+4+wSR9FCV5ft4:Lyih3f8YSz2MuuUS3Cfu

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks