General

  • Target: 0c37fabfe7992c6687572566ce6a0f21decdd6bc796ddfb008cc842bb44e39d8
  • Size: 1.3MB
  • Sample: 231111-bwxhdaec52
  • MD5: 92ddba9635cb5dc202d5b6f549699eaa
  • SHA1: cabefd17e7a97dfa06a2c2602305f6f1e4a95825
  • SHA256: 0c37fabfe7992c6687572566ce6a0f21decdd6bc796ddfb008cc842bb44e39d8
  • SHA512: 2fd477576fdb609ca0fa850e78f7b60071990e79f3af02e25d3a27715932dbbaf0e9c6f213c6a22c11912258908d52dff2a909d5ac20e95ac90cff7fd7f41f66
  • SSDEEP: 24576:TyO8gjX/GdaebIs5C4Gb3IDYmdAjrPRmCm/oBCWLkoT962MgpYL7l:m3gaYeUqfGsUmsr5mCm4pLks9629py

Malware Config

Extracted

  • Family: redline
  • Botnet: taiga
  • C2: 5.42.92.51:19057

Targets


    • Detect Mystic stealer payload

    • Detected google phishing page

    • Mystic

      Mystic is an infostealer written in C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Adds Run key to start application

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

MITRE ATT&CK Enterprise v15

Tasks