General

  • Target

    d9d20a0e096ccbb133ff8f3820ea69d2a060c277c37b0ea0653cea8f16b93b7c

  • Size

    917KB

  • Sample

    231111-j41trsdf49

  • MD5

    952f92d0033af2b56f4987194ab4f93c

  • SHA1

    dcd88d37d13768d91fd8fe09d6f80fbf2398adf1

  • SHA256

    d9d20a0e096ccbb133ff8f3820ea69d2a060c277c37b0ea0653cea8f16b93b7c

  • SHA512

    6e4f23cf76222e34518fee9bd22d0d0d0365a1a1da4ad069f77939e66cadf77cf19cf8868a4446cafe1417ca41e0654993179e05fad4039d2e10f0b515db2580

  • SSDEEP

    24576:uyvM3qVR+giSiaLaeuIsuC/GFLYDKSki73ivn30EkDa:9U3qV8gUaOetREG+GSv3i/30

Malware Config

Extracted

Family

redline

Botnet

taiga

C2

5.42.92.51:19057

Targets

    • Target

      d9d20a0e096ccbb133ff8f3820ea69d2a060c277c37b0ea0653cea8f16b93b7c

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Adds Run key to start application

      Persistence through a value under HKCU or HKLM \Software\Microsoft\Windows\CurrentVersion\Run (ATT&CK T1547.001), so the registered executable is launched again at each user logon.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

      Rewriting another thread's context with SetThreadContext is the standard final step of process hollowing and similar injection: the entry point of a suspended process is redirected into code written there by the injector.
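The report's indicators (the RedLine C2 5.42.92.51:19057 and the sample hashes) and the Run-key persistence signature can be turned into a hunt over host and network telemetry. The script below is an added example, not part of the sandbox report or of any Triage tooling. It assumes the default Zeek conn.log column order (ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto) and Sysmon event IDs 1 (process create, with a Hashes field) and 13 (registry value set, with TargetObject and Details); the log lines and events it runs over are constructed for the example.

```python
"""Added example (not part of the sandbox report): sweep constructed telemetry for
the indicators above. Matches the extracted RedLine C2 and the sample hashes
against Zeek-style conn.log lines and Sysmon-style events, and flags Run-key
persistence of the kind behind the "Adds Run key to start application" signature."""
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Indicators copied from the report.
C2_ENDPOINTS = {("5.42.92.51", 19057)}
C2_IPS = {ip for ip, _ in C2_ENDPOINTS}
SAMPLE_HASHES = {
    "952f92d0033af2b56f4987194ab4f93c",                                  # MD5
    "dcd88d37d13768d91fd8fe09d6f80fbf2398adf1",                          # SHA1
    "d9d20a0e096ccbb133ff8f3820ea69d2a060c277c37b0ea0653cea8f16b93b7c",  # SHA256
}
# Run-key paths (ATT&CK T1547.001), lower-cased; matched as substrings of TargetObject.
RUN_KEY_MARKERS = (
    "\\microsoft\\windows\\currentversion\\run\\",
    "\\microsoft\\windows\\currentversion\\runonce\\",
)


@dataclass
class Hit:
    kind: str    # "c2", "c2-ip", "hash" or "runkey"
    detail: str


def check_conn_line(line: str) -> Optional[Hit]:
    """One Zeek conn.log TSV line (assumed default column order); '#' lines are headers."""
    if line.startswith("#"):
        return None
    fields = line.rstrip("\n").split("\t")
    if len(fields) < 7:
        return None
    resp_h, resp_p = fields[4], fields[5]
    try:
        port = int(resp_p)
    except ValueError:
        return None
    if (resp_h, port) in C2_ENDPOINTS:
        return Hit("c2", f"{fields[2]} -> {resp_h}:{port} uid={fields[1]}")
    if resp_h in C2_IPS:
        # Same host, other port: operators rotate ports, so keep it as a lower-confidence hit.
        return Hit("c2-ip", f"{fields[2]} -> {resp_h}:{port} uid={fields[1]} (port differs)")
    return None


def check_sysmon_event(event: dict) -> Optional[Hit]:
    """One Sysmon-style event dict: EventID 1 carries Hashes ("MD5=..,SHA256=.."),
    EventID 13 carries TargetObject and Details."""
    eid = event.get("EventID")
    if eid == 1:
        for part in event.get("Hashes", "").split(","):
            algo, _, value = part.partition("=")
            if value.lower() in SAMPLE_HASHES:
                return Hit("hash", f"{event.get('Image')} pid={event.get('ProcessId')} matched {algo}")
    elif eid == 13:
        target = event.get("TargetObject", "")
        if any(marker in target.lower() for marker in RUN_KEY_MARKERS):
            return Hit("runkey", f"{event.get('Image')} set {target} = {event.get('Details')}")
    return None


def sweep(conn_lines: Iterable[str], sysmon_events: Iterable[dict]) -> List[Hit]:
    hits = [h for h in map(check_conn_line, conn_lines) if h]
    hits += [h for h in map(check_sysmon_event, sysmon_events) if h]
    return hits


# Constructed conn.log: a beacon to the reported C2, a benign TLS connection,
# and a connection to the C2 host on a different port.
CONN_LOG = (
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\n"
    "1699700000.1\tCabc1\t10.0.0.12\t49812\t5.42.92.51\t19057\ttcp\n"
    "1699700001.2\tCabc2\t10.0.0.12\t49813\t142.250.74.46\t443\ttcp\n"
    "1699700002.3\tCabc3\t10.0.0.12\t49814\t5.42.92.51\t443\ttcp\n"
)
# Constructed Sysmon-style events: the sample starting (hashes upper-cased as Sysmon
# logs them), a Run-key value being written, and an unrelated process.
SYSMON_EVENTS = [
    {"EventID": 1, "Image": "C:\\Users\\user\\Downloads\\setup.exe", "ProcessId": 4120,
     "Hashes": "MD5=952F92D0033AF2B56F4987194AB4F93C,"
               "SHA256=D9D20A0E096CCBB133FF8F3820EA69D2A060C277C37B0EA0653CEA8F16B93B7C"},
    {"EventID": 13, "Image": "C:\\Users\\user\\AppData\\Roaming\\svc.exe",
     "TargetObject": "HKU\\S-1-5-21-1111-2222-3333-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svc",
     "Details": "C:\\Users\\user\\AppData\\Roaming\\svc.exe"},
    {"EventID": 1, "Image": "C:\\Windows\\System32\\notepad.exe", "ProcessId": 5000,
     "Hashes": "MD5=ffffffffffffffffffffffffffffffff"},
]


def run_sweep() -> List[Hit]:
    return sweep(CONN_LOG.splitlines(), SYSMON_EVENTS)


if __name__ == "__main__":
    for hit in run_sweep():
        print(f"[{hit.kind}] {hit.detail}")
```

Hash matching is case-insensitive because Sysmon writes hashes in upper case while the report lists them in lower case; the C2 check reports an exact ip:port match separately from an ip-only match, since the port is the indicator most likely to change between RedLine builds.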

MITRE ATT&CK Enterprise v15

Tasks