General

  • Target

    1f97dcd392862697d1a768bc1f704f3f.bin

  • Size

    467KB

  • Sample

    231111-bl4hyadg89

  • MD5

    6e6000271de5f67388102b8034911cc3

  • SHA1

    0cc3b0068a12784b2155fac444de1da2d9921998

  • SHA256

    21fec6c9296800b8fb0d7ea5f1a4d1cecddfe268a0b9eb44e5442855cd0082a0

  • SHA512

    f22c779444afaed412b5184fae504f75a19fe6b8970d7cbba126e59f3b68d7b07d90ccf514534c3e9edb795b68753c3a05f1235954f904d3ca274235e488a9db

  • SSDEEP

    12288:JdsPY+VJeAL56E8BYwlgQTffO/qPnXcbAI+Baiuqg9g1TJ:JiPJJeAL572bNPnsMdazq

Malware Config

Extracted

  • Family

    redline

  • Botnet

    taiga

  • C2

    5.42.92.51:19057

Targets

    • Target

      60aeb9d314969e4ab8acf4425cbfc680a537ee247b2b6aec84c4dc5ef9025b78.bin

    • Size

      511KB

    • MD5

      1f97dcd392862697d1a768bc1f704f3f

    • SHA1

      35e584af8b8f98dc1ab4505a27a293e9c519e42d

    • SHA256

      60aeb9d314969e4ab8acf4425cbfc680a537ee247b2b6aec84c4dc5ef9025b78

    • SHA512

      b230c2efe3a447501d331df1eb75bc3b7777b2e2d9abb17103c2ad86581d3604284cfcb39eba3f35284dd055f9467a34e0cdbb75c4d9d2081db9be2e17e00308

    • SSDEEP

      12288:SMrEy90IBJ915doOwDIrY8TUs2kuT+4+wSRYFsrXqPRq9:2ybzYSz2ku6USSmTqZq9

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofence check to avoid running in certain regions.

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
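The behaviour signatures above (registry country-code lookup, Run-key persistence, suspicious SetThreadContext) are the things an analyst re-checks by hand in the sandbox's API trace. The following Python is an added example, not the sandbox's own signature engine and not code from the sample: it runs simple detection logic for those three behaviours, plus a known-C2 check, over a constructed API-call trace. The trace line format, process IDs, file paths and the `flags=0x..` encoding of CreateProcess flags are assumptions made for this example; only the C2 endpoint is taken from the extracted config above.

```python
import re

# Constructed API trace: "<pid> <api> <args...>". These lines are made up for
# this example; the C2 endpoint is the one the report's config extractor shows.
TRACE = [
    "1204 RegOpenKeyExW HKEY_CURRENT_USER\\Control Panel\\International",
    "1204 RegQueryValueExW sCountry",
    "1204 CreateProcessW C:\\Windows\\System32\\svchost.exe flags=0x4",
    "1204 WriteProcessMemory pid=2288 addr=0x400000 size=0x6e000",
    "1204 SetThreadContext tid=2292",
    "1204 ResumeThread tid=2292",
    "2288 RegSetValueExW HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater",
    "2288 connect 5.42.92.51:19057",
]

KNOWN_C2 = {"5.42.92.51:19057"}  # from the "Malware Config" section above

CREATE_SUSPENDED = 0x4  # CreateProcess dwCreationFlags bit
# Registry values a geofence check typically reads (assumed list).
GEO_VALUES = {"scountry", "slanguage", "locale", "geoid", "nation"}
# Process-hollowing call order: suspended create, write image, set context, resume.
HOLLOW_SEQ = ["CreateProcessW", "WriteProcessMemory", "SetThreadContext", "ResumeThread"]


def parse(lines):
    """Split 'pid api args' lines into (pid, api, args) tuples; skip malformed lines."""
    events = []
    for line in lines:
        parts = line.split(None, 2)
        if len(parts) < 2 or not parts[0].isdigit():
            continue
        pid, api = int(parts[0]), parts[1]
        args = parts[2] if len(parts) == 3 else ""
        events.append((pid, api, args))
    return events


def geofence_lookup(events):
    """True if a process opens a locale key and then queries a country/locale value."""
    opened = set()
    for pid, api, args in events:
        if api.startswith("RegOpenKeyEx") and "international" in args.lower():
            opened.add(pid)
        if api.startswith("RegQueryValueEx") and pid in opened and args.lower() in GEO_VALUES:
            return True
    return False


def run_key_writes(events):
    """Return (pid, value path) for every write under a CurrentVersion\\Run key."""
    hits = []
    for pid, api, args in events:
        if api.startswith("RegSetValueEx") and re.search(r"\\currentversion\\run", args, re.I):
            hits.append((pid, args))
    return hits


def hollowing_chains(events):
    """Return PIDs that create a *suspended* process, write into it, call
    SetThreadContext and resume it, in that order (process-hollowing pattern)."""
    progress = {}
    found = []
    for pid, api, args in events:
        step = progress.get(pid, 0)
        if step >= len(HOLLOW_SEQ) or api != HOLLOW_SEQ[step]:
            continue
        if api == "CreateProcessW":
            m = re.search(r"flags=0x([0-9a-f]+)", args, re.I)
            if not m or not int(m.group(1), 16) & CREATE_SUSPENDED:
                continue  # a non-suspended create does not start the chain
        progress[pid] = step + 1
        if progress[pid] == len(HOLLOW_SEQ):
            found.append(pid)
    return found


def c2_contacts(events, known=KNOWN_C2):
    """Return (pid, endpoint) for connect() calls that hit a known C2 endpoint."""
    return [(pid, args) for pid, api, args in events if api == "connect" and args in known]


def triage(lines):
    """Run all four checks over a trace and return a findings dict."""
    ev = parse(lines)
    return {
        "geofence_lookup": geofence_lookup(ev),
        "run_keys": run_key_writes(ev),
        "hollowing_pids": hollowing_chains(ev),
        "c2": c2_contacts(ev),
    }


if __name__ == "__main__":
    for name, value in triage(TRACE).items():
        print(f"{name}: {value}")
```

The hollowing check deliberately requires CREATE_SUSPENDED on the CreateProcess call: SetThreadContext on its own is also used by legitimate debuggers, which is why the sandbox only labels it "suspicious", while the full suspended-create / write / set-context / resume chain is what makes it actionable.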

MITRE ATT&CK Enterprise v15

Tasks