General

  • Target

    c65aee50288bb61f1ab8007ecfd9c45866d916532a29f9a94659726d03441e26

  • Size

    917KB

  • Sample

    231111-hcamtsdd65

  • MD5

    8c740d54f1ca696114170cc8c1fdfcdb

  • SHA1

    2c65d5981c597719de9e8da006c2d9b7870b0aae

  • SHA256

    c65aee50288bb61f1ab8007ecfd9c45866d916532a29f9a94659726d03441e26

  • SHA512

    8b31ae81581ded898fb47191cee1e75ae537d143cc4e0a132e6cdf5047393878d7f9e15fa4704b717b87576f90e04d4eb411fcd737f49af4638473421ccbe068

  • SSDEEP

    24576:AykmB0/K5gaeuIs6C/GtLYDqj2dbYBQz5dU4:H0s5etlEGG+SFYqz5S

Malware Config

Extracted

  • Family

    redline

  • Botnet

    taiga

  • C2

    5.42.92.51:19057

Targets

    • Target

      c65aee50288bb61f1ab8007ecfd9c45866d916532a29f9a94659726d03441e26

    • Size

      917KB

    • MD5

      8c740d54f1ca696114170cc8c1fdfcdb

    • SHA1

      2c65d5981c597719de9e8da006c2d9b7870b0aae

    • SHA256

      c65aee50288bb61f1ab8007ecfd9c45866d916532a29f9a94659726d03441e26

    • SHA512

      8b31ae81581ded898fb47191cee1e75ae537d143cc4e0a132e6cdf5047393878d7f9e15fa4704b717b87576f90e04d4eb411fcd737f49af4638473421ccbe068

    • SSDEEP

      24576:AykmB0/K5gaeuIs6C/GtLYDqj2dbYBQz5dU4:H0s5etlEGG+SFYqz5S

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Adds Run key to start application

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks