General

  • Target

    7fb2aab9c72b2b761f673f59ed5e31761ad73d9b63011671ff4bf6b38a2b522d

  • Size

    1.3MB

  • Sample

    231111-bccc4acd7t

  • MD5

    b6814d6964e995a86c1906c8f85ad94b

  • SHA1

    c9c7fb011e2f994ef81230ac09c0160321b54293

  • SHA256

    7fb2aab9c72b2b761f673f59ed5e31761ad73d9b63011671ff4bf6b38a2b522d

  • SHA512

    a8b488830c101e525abba2ca65691f77953d9cfb744013821ae70ce789409fdffa333bab1f4bd26d12e1be8ab00e544ff4a5caf029ee042e2d954ee493b79c29

  • SSDEEP

    24576:xyBsr9+YnHR2aeaIsbCQGQA2D+OJaek1IQ2Y5xvyyCBvRuGpxen8y9OLCk:kBsgYH5ehuZGIrwesIQv5oyCBv0cen8m

Malware Config

Extracted

  • Family

    redline

  • Botnet

    taiga

  • C2

    5.42.92.51:19057

Targets

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Adds Run key to start application

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext
