General

  • Target

    e33c640a4b0ede41c297a805339749380408aa048b889ffd5d241f3a253f6443

  • Size

    917KB

  • Sample

    231111-h3dgeade27

  • MD5

    39aadf54fc2905c31a7e97cb94cf37d3

  • SHA1

    2906ba4eb12fc44923510fc0d0f46a4648ae8899

  • SHA256

    e33c640a4b0ede41c297a805339749380408aa048b889ffd5d241f3a253f6443

  • SHA512

    6960045f785cedad8c2737783d9bb45d696c18c13b6284cb59d7e546a084d26cbe561d6b7263ef22f6af20960cdb13cc64b0b1b49e38c94548ac020c1fa075bb

  • SSDEEP

    24576:lyGZqLSgMjfaeuIsaC/GdLYDJkWHo0J9:AGZ+SzCetzEGWVkWHoS

Malware Config

Extracted

Family

redline

Botnet

taiga

C2

5.42.92.51:19057

Targets

    • Target

      e33c640a4b0ede41c297a805339749380408aa048b889ffd5d241f3a253f6443

    • Size

      917KB

    • MD5

      39aadf54fc2905c31a7e97cb94cf37d3

    • SHA1

      2906ba4eb12fc44923510fc0d0f46a4648ae8899

    • SHA256

      e33c640a4b0ede41c297a805339749380408aa048b889ffd5d241f3a253f6443

    • SHA512

      6960045f785cedad8c2737783d9bb45d696c18c13b6284cb59d7e546a084d26cbe561d6b7263ef22f6af20960cdb13cc64b0b1b49e38c94548ac020c1fa075bb

    • SSDEEP

      24576:lyGZqLSgMjfaeuIsaC/GdLYDJkWHo0J9:AGZ+SzCetzEGWVkWHoS

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Adds Run key to start application

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks