General

  • Target: 067dcfb8218ff882d62b482b0d3906c8928c03101304c81d5edc5a01371d8743
  • Size: 1.3MB
  • Sample: 231111-j54l2sdf52
  • MD5: 7eebbfe69da91da5e2856e6a2d011817
  • SHA1: 3e1c8aa5ebd0483e43a43574acb074caa9d10847
  • SHA256: 067dcfb8218ff882d62b482b0d3906c8928c03101304c81d5edc5a01371d8743
  • SHA512: 605c2ea0260b75556c93cb2c5d0cdf7a8dc23591cfdda4d8ecd6945ab81d3be74d1bb694bf597650c8d500ad510a7a0d1b982e6a0774a423edb4ac095905edc0
  • SSDEEP: 24576:/ySJvvXm4psOn9aeJIsWC+GECLDzmkJgOZwQ3xo0Bt9mKi4g:KSJ24psO4eyPzGfe3Q3BBzm8

Malware Config

Extracted

  • Family: redline
  • Botnet: taiga
  • C2: 5.42.92.51:19057

Targets

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Adds Run key to start application

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
