General

  • Target: f692aab056c4fd3b7f76476f42b8be7758150f3c6728db2c4bd67992920be3c8
  • Size: 919KB
  • Sample: 231111-cahyjaeh69
  • MD5: d14197e106778029f1c4a36dac25ab0b
  • SHA1: b9b29c3b9ef42f3b7132c63bd7e87a19a056a8f9
  • SHA256: f692aab056c4fd3b7f76476f42b8be7758150f3c6728db2c4bd67992920be3c8
  • SHA512: cc40941c079c254e414fc77ea298ed792d6b71f2ffe9ad351a73440c7a8515053b0faaa076258038db00d38753c5a522dcb5db6e27d993d81f825547c958c84f
  • SSDEEP: 24576:iyt1YNexhJaeuIsaC/GBLYDLaEUQQRFo7tCcparjPQKE:JtWYxhketDEGaZUQSQtCJrjR

Malware Config

Extracted

  • Family: redline
  • Botnet: taiga
  • C2: 5.42.92.51:19057

Targets

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Adds Run key to start application

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext
