General

  • Target

    b6185d4f3621b9c2db9498a6ff4d18367efd3589fd49ec5d2a92c2814c4d7c84

  • Size

    1.3MB

  • Sample

    231111-gllwsaca4w

  • MD5

    dd4cccedd56718598764a96494e85a9b

  • SHA1

    4290c5bfbc161d8a6df9cab017ca52d7f49bd511

  • SHA256

    b6185d4f3621b9c2db9498a6ff4d18367efd3589fd49ec5d2a92c2814c4d7c84

  • SHA512

    9b949d0af240706af0ac2ea381fe66555408aed71fac147c0f5aa0ea4cf3b0e663dd21ab7c7c1246848881ca838eac1a1ed640ad23fb0d8172243008867ac9af

  • SSDEEP

    24576:qyW2rfo2K4lVI4nzaeRIsnCGGmw/DIz69p/qgiY8DXXYEMC4yHLHCLUkNsTcodHE:xxLxbJGeKsBGbMYgBZDnYEJrHCLUS8Mb

Malware Config

Extracted

Family

redline

Botnet

taiga

C2

5.42.92.51:19057

Targets

    • Target

      b6185d4f3621b9c2db9498a6ff4d18367efd3589fd49ec5d2a92c2814c4d7c84

    • Size

      1.3MB

    • MD5

      dd4cccedd56718598764a96494e85a9b

    • SHA1

      4290c5bfbc161d8a6df9cab017ca52d7f49bd511

    • SHA256

      b6185d4f3621b9c2db9498a6ff4d18367efd3589fd49ec5d2a92c2814c4d7c84

    • SHA512

      9b949d0af240706af0ac2ea381fe66555408aed71fac147c0f5aa0ea4cf3b0e663dd21ab7c7c1246848881ca838eac1a1ed640ad23fb0d8172243008867ac9af

    • SSDEEP

      24576:qyW2rfo2K4lVI4nzaeRIsnCGGmw/DIz69p/qgiY8DXXYEMC4yHLHCLUkNsTcodHE:xxLxbJGeKsBGbMYgBZDnYEJrHCLUS8Mb

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Adds Run key to start application

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks