General

  • Target

    9acce7c6f4f8d8187caa8274b89bbcabc7b92019d25a3e795d797cd0f96f2837

  • Size

    917KB

  • Sample

    231111-ge8f7sch45

  • MD5

    b2f8209ba150548db048c42042cee92c

  • SHA1

    025191a7cb603f278389435369c3438161b31655

  • SHA256

    9acce7c6f4f8d8187caa8274b89bbcabc7b92019d25a3e795d797cd0f96f2837

  • SHA512

    1691c4590cfdf67a00f3e09e167c4290cf00d2b78de8c0a080bb76a7cb1aa74859920dda0c6948cb80c89da25e8dae4b7197a9ef60e5c7b9070a40d35e40eb98

  • SSDEEP

    24576:ey4H3tVJh5caeuIseC/GRLYDHD418y592ElB:tmZletJEGKzM1B

Malware Config

Extracted

Family

redline

Botnet

taiga

C2

5.42.92.51:19057

Targets

    • Detect Mystic stealer payload

    • Detected google phishing page

    • Mystic

      Mystic is an infostealer written in C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Adds Run key to start application

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext
