General

  • Target

    2bdd7842f596fcb0601f243b418091d5d9f1884d2b17e51278af606841f0934b

  • Size

    917KB

  • Sample

    231111-glpyfaca4z

  • MD5

    50d227379e0db1d76e7d4798906c3b90

  • SHA1

    88f50e56fb0d73650c677610bd708d492ff27c6b

  • SHA256

    2bdd7842f596fcb0601f243b418091d5d9f1884d2b17e51278af606841f0934b

  • SHA512

    64f3ea63a704ee48bbc84f6d7433a87cc9f7449ff817fae85704895b30318cd4352f313235689c3480cdd62fcf9343ce8f7d3d1570b828b18df697cf57e629a7

  • SSDEEP

    24576:UyRGN5UaeuIsSC/GtLYDxAV1207N+e5F:jRINet9EGGNk12m+s

Malware Config

  • Extracted

  • Family

    redline

  • Botnet

    taiga

  • C2

    5.42.92.51:19057

Targets

    • Target

      2bdd7842f596fcb0601f243b418091d5d9f1884d2b17e51278af606841f0934b

    • Size

      917KB

    • MD5

      50d227379e0db1d76e7d4798906c3b90

    • SHA1

      88f50e56fb0d73650c677610bd708d492ff27c6b

    • SHA256

      2bdd7842f596fcb0601f243b418091d5d9f1884d2b17e51278af606841f0934b

    • SHA512

      64f3ea63a704ee48bbc84f6d7433a87cc9f7449ff817fae85704895b30318cd4352f313235689c3480cdd62fcf9343ce8f7d3d1570b828b18df697cf57e629a7

    • SSDEEP

      24576:UyRGN5UaeuIsSC/GtLYDxAV1207N+e5F:jRINet9EGGNk12m+s

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Adds Run key to start application

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks