General

  • Target

    46126f416ac79fab957801892bea5d45dd73d9c6ffc06c82498e1e373e3523b6

  • Size

    1.3MB

  • Sample

    231111-bpv1zach7v

  • MD5

    4185d75b7fd42d758baed6f19ed92528

  • SHA1

    3353738030e0ab61635796aa95a4517c0eda780c

  • SHA256

    46126f416ac79fab957801892bea5d45dd73d9c6ffc06c82498e1e373e3523b6

  • SHA512

    d6951c8e95dbf2ab607b5ad9c5d1e3788bf81001860ad980c105f39f74e34df90e0769cd3d2732fe2ba6f551907272f4d844eaf8ad720ca7090c9c76f2c227df

  • SSDEEP

    24576:Kymeirj14/9K2TwCaeAIsNCeGiBRDVOZDl7bm9EC3ASFz95W2uE5FVFf8hsjRvr:Rt/9KXLeHkHGCAp1bmiC3AS7RuWl3Rv

Malware Config

Extracted

  • Family

    redline

  • Botnet

    taiga

  • C2

    5.42.92.51:19057

Targets

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext
