General

  • Target

    37f8351de716b397f5800342e170ea83.bin

  • Size

    467KB

  • Sample

    231111-bvbvaaeb75

  • MD5

    5bba869af69d567eb7a440d4b7b7fb04

  • SHA1

    05b69451f36de24c390804585fc0ba6e92f5ee66

  • SHA256

    f717b720cd8994665c7022d716057be2715cfeb8a53972f7e22d9593f3d482da

  • SHA512

    1750ce616c3a01fe5525b0801c8c23e2fe42847008b2987f77dd3cfda6a085832ff2a74db0efae7c857fe9b967581cda5d8ca21d74a56a1acbf6a07b8e031ea5

  • SSDEEP

    12288:Ow2548VpcEMcmtZvNYYj9qvULGVzEui5vov5maYa7TvO8N:Ow2VpcbcmDN4UpxooaYavn

Malware Config

Extracted

  • Family

    redline

  • Botnet

    taiga

  • C2

    5.42.92.51:19057

Targets

    • Target

      b86c2c80111adf7bfa767e50d296fa015501ad9780c41a88c5680382e5abf037.bin

    • Size

      511KB

    • MD5

      37f8351de716b397f5800342e170ea83

    • SHA1

      ea45e463b99c8d71a16342ad51fc1980f7dab4b0

    • SHA256

      b86c2c80111adf7bfa767e50d296fa015501ad9780c41a88c5680382e5abf037

    • SHA512

      7cf380273217d95c317cf13cc17261409b946e892e0b35b310b59a9bba041767459debac04a84a14a0dd2c71ee099654131cc72e0d7217c6c4c9a2981bc7a591

    • SSDEEP

      12288:1Mrzy90h+PiglLrY8TUs26uN+4+wSRuFCUAkr/e:KyS0iqPYSz26uQUSQUUAkrm

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks