General

  • Target

    1dd3279447e1790ab2b4fbba22ddaded.bin

  • Size

    467KB

  • Sample

    231111-blsfnscg6w

  • MD5

    907f4ab471d3539b145f85a113a14bd9

  • SHA1

    174b9fa4ed1e804dfb443568d1f5242229448e8e

  • SHA256

    68902e22a46dde27486f0a3fe6b199b6330afa3a73e2a0657fca51b00b3a6a07

  • SHA512

    6993d22a657719bf2ed9feec0c6951c89cfa3d2e0bf21560abf4fc5ba8bea0bb393c750b2cf86e4ea1b2784f0646fe8e0bf09f7c8084364db090157093b98a0c

  • SSDEEP

    12288:VCV6xDkTx7Z9qqgJExZE1renbsckKlFfeVwkwbajNPU:q6UxHFgJTUnQgPywkAajhU

Malware Config

Extracted

  • Family

    redline

  • Botnet

    taiga

  • C2

    5.42.92.51:19057

Targets

    • Target

      16624dff9366edaa52f78d3336fafc6eabc470f992cb615d542da97fe2b8234d.bin

    • Size

      511KB

    • MD5

      1dd3279447e1790ab2b4fbba22ddaded

    • SHA1

      7fed39367c9e341b636e0baa803a8f534d59b11c

    • SHA256

      16624dff9366edaa52f78d3336fafc6eabc470f992cb615d542da97fe2b8234d

    • SHA512

      56f714c986c2472d5e001171d4dc6c0f5f87d68490ca9ed43540e1fbf1df37c1401cc72612302fed9fdad7653b989dd1a5d5959c57b67e78d05f13b8bb092fc9

    • SSDEEP

      12288:pMrPy902pkjlm0wFs61h/+V5Skd61C0UMEVZj:iyLpkvwlh/5kd6Q0Ubvj

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Checks computer location settings

      Reads the country code configured in the registry, most likely as a geofence (refusing to run on hosts in certain regions).

    • Executes dropped EXE

      Launches an executable that was written to disk during the run.

    • Adds Run key to start application

      Writes a value under a CurrentVersion\Run key so the payload is relaunched at user logon (persistence).

    • Suspicious use of SetThreadContext

      Rewriting another thread's context is the usual final step of process hollowing: a process is created suspended, its image is replaced with the payload, and the entry point is redirected with SetThreadContext before the thread is resumed.
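The indicators in this report (the C2 socket, the dropped payload's SHA256, the Run-key write and the locale lookup) are enough to build a host-side check. The script below is an added example and is not part of the sandbox report: the IOC values are copied from the report, while the event records (Sysmon-style registry, process and network events) and the bytes hashed at the end are constructed for the demonstration. The registry paths used for the locale check are assumed typical locations, not paths the report states.

```python
"""Added example: match the report's IOCs against constructed host events.

Not part of the sandbox report. IOC values come from the report; the event
records and the hashed bytes are constructed for this demonstration.
"""
from __future__ import annotations

import hashlib
import re
from dataclasses import dataclass, field

# Indicators copied from the report.
C2_IP, C2_PORT = "5.42.92.51", 19057
PAYLOAD_SHA256 = "16624dff9366edaa52f78d3336fafc6eabc470f992cb615d542da97fe2b8234d"

# Persistence: any value written under a CurrentVersion\Run or RunOnce key.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
# Geofence lookup: assumed typical location of the configured locale/country code.
LOCALE_KEY_RE = re.compile(r"\\Control Panel\\International\\", re.IGNORECASE)


@dataclass
class Event:
    kind: str                      # "net", "reg_set", "reg_read" or "proc"
    data: dict = field(default_factory=dict)


def match_event(ev: Event) -> list[str]:
    """Return the names of every report indicator this single event matches."""
    hits: list[str] = []
    if ev.kind == "net" and ev.data.get("dst_ip") == C2_IP \
            and ev.data.get("dst_port") == C2_PORT:
        hits.append("redline-c2")
    if ev.kind == "reg_set" and RUN_KEY_RE.search(ev.data.get("key", "")):
        hits.append("run-key-persistence")
    if ev.kind == "reg_read" and LOCALE_KEY_RE.search(ev.data.get("key", "")):
        hits.append("locale-check")
    if ev.kind == "proc" and ev.data.get("image_sha256", "").lower() == PAYLOAD_SHA256:
        hits.append("dropped-payload-exec")
    return hits


def scan(events: list[Event]) -> dict[str, list[Event]]:
    """Group matching events by indicator name; empty dict means nothing matched."""
    findings: dict[str, list[Event]] = {}
    for ev in events:
        for name in match_event(ev):
            findings.setdefault(name, []).append(ev)
    return findings


def file_digests(data: bytes) -> dict[str, str]:
    """Compute the same four digests the report lists for a file's bytes."""
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256", "sha512")}


def matches_report(data: bytes, sha256: str) -> bool:
    """True when the bytes hash to the SHA256 recorded in the report."""
    return file_digests(data)["sha256"] == sha256.lower()


# Constructed event stream: one benign DNS lookup plus the behaviours the report lists.
CONSTRUCTED_EVENTS = [
    Event("reg_read", {"key": r"HKCU\Control Panel\International\LocaleName", "proc": "a.exe"}),
    Event("proc", {"image": r"C:\Users\u\AppData\Local\Temp\b.exe",
                   "image_sha256": PAYLOAD_SHA256}),
    Event("reg_set", {"key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Update",
                      "value": r"C:\Users\u\AppData\Local\Temp\b.exe"}),
    Event("net", {"dst_ip": "5.42.92.51", "dst_port": 19057, "proc": "b.exe"}),
    Event("net", {"dst_ip": "8.8.8.8", "dst_port": 53, "proc": "svchost.exe"}),
]

if __name__ == "__main__":
    for name, evs in scan(CONSTRUCTED_EVENTS).items():
        print(f"{name}: {len(evs)} event(s)")
```

The network match is exact on ip:port because RedLine builds embed a single C2 socket; broaden it to the IP alone if you expect the operator to rotate ports. The Run-key regex is case-insensitive and accepts both HKCU and HKU\SID spellings, which is how Sysmon reports the key.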

MITRE ATT&CK Enterprise v15

Tasks