General

  • Target

    f3a72d9cd6954102d487ea232ed2c397a7436bb4c0940a13ae4136da1fa65984

  • Size

    917KB

  • Sample

    231111-bqsl8sda2v

  • MD5

    9eacea86984358ce86ab1b7aa19d06dd

  • SHA1

    93234a6edeb6b55e358fb32a11bcf38a7c017053

  • SHA256

    f3a72d9cd6954102d487ea232ed2c397a7436bb4c0940a13ae4136da1fa65984

  • SHA512

    acab999dbb9b3cdbc283f29b2aee5ef7ffb5b10fc5f73f8b6e1f03e791e953737f651f657f2016bf0fbe21410d22ab2cb4dc3e037cbb2a11364ebe551856dad2

  • SSDEEP

    24576:DyWUviaeuIseC/G1LYDQgCSY2WLiYkI66:WWOretPEGOE3/2Ki

Malware Config

Extracted

Family

redline

Botnet

taiga

C2

5.42.92.51:19057

Targets

    • Target

      f3a72d9cd6954102d487ea232ed2c397a7436bb4c0940a13ae4136da1fa65984

    • Size

      917KB

    • MD5

      9eacea86984358ce86ab1b7aa19d06dd

    • SHA1

      93234a6edeb6b55e358fb32a11bcf38a7c017053

    • SHA256

      f3a72d9cd6954102d487ea232ed2c397a7436bb4c0940a13ae4136da1fa65984

    • SHA512

      acab999dbb9b3cdbc283f29b2aee5ef7ffb5b10fc5f73f8b6e1f03e791e953737f651f657f2016bf0fbe21410d22ab2cb4dc3e037cbb2a11364ebe551856dad2

    • SSDEEP

      24576:DyWUviaeuIseC/G1LYDQgCSY2WLiYkI66:WWOretPEGOE3/2Ki

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Adds Run key to start application

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks