General

  • Target

    d738f74cd537c3758524c31a16fbc239.exe

  • Size

    917KB

  • Sample

    231111-jktw4sce4v

  • MD5

    d738f74cd537c3758524c31a16fbc239

  • SHA1

    971e9ab191e43dee2090ea5ccb0934103fed15ad

  • SHA256

    c06acebb9764a806c9094a4efc1f811d5041ffe29e92378cccc32b73cb69d101

  • SHA512

    71430d3cedc2370964bf7667b5cc06a135ca1e534ddfd84e21c0512bb0be22096b3d3c3bfd1a4c2d0163c5fb864bd0ab7c3b99da4f56e6952bf8618dcc62c56b

  • SSDEEP

    12288:PMrPy90QFaKIK9Zczaex4IC5CpCPHGH9PLvTMXiYQPD0vISBWLEQqaQ+Iv3H/nCF:AyHFcoIaeuIs+C/G5LYD3QLEQJa3/Up

Malware Config

Extracted

Family

redline

Botnet

taiga

C2

5.42.92.51:19057
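The digests in the General section and the extracted C2 above are the indicators a responder would actually act on. The following is an added example (not the sandbox's own code) that does the two checks in order: confirm that a file on disk really is the sample this report describes (all four digests must match, not just one), then sweep connection and EDR hash records for the C2 and the sample's hashes. The connection-log layout and the EDR hash records are constructed assumptions; the digests and the C2 are copied verbatim from the report.

```python
"""Triage helpers for the IOCs in this report. Added example, not sandbox code.
The log formats below are assumed; the digests and C2 come from the report."""
import hashlib
import ipaddress

# Indicators copied from the report above.
REPORT_DIGESTS = {
    "md5": "d738f74cd537c3758524c31a16fbc239",
    "sha1": "971e9ab191e43dee2090ea5ccb0934103fed15ad",
    "sha256": "c06acebb9764a806c9094a4efc1f811d5041ffe29e92378cccc32b73cb69d101",
    "sha512": "71430d3cedc2370964bf7667b5cc06a135ca1e534ddfd84e21c0512bb0be22096b3d3c3bfd1a4c2d0163c5fb864bd0ab7c3b99da4f56e6952bf8618dcc62c56b",
}
C2 = "5.42.92.51:19057"  # RedLine botnet "taiga"


def verify_digests(data: bytes, expected: dict[str, str]) -> list[str]:
    """Return the names of digests in `expected` that do NOT match `data`.
    An empty list means the bytes on disk are the sample the report describes."""
    mismatches = []
    for name, want in expected.items():
        got = hashlib.new(name, data).hexdigest()
        if got != want.lower():
            mismatches.append(name)
    return mismatches


def parse_c2(c2: str) -> tuple[str, int]:
    """Split 'ip:port'; validating the IP stops a typo from silently matching nothing."""
    host, _, port = c2.rpartition(":")
    ipaddress.ip_address(host)  # raises ValueError on garbage
    return host, int(port)


# Constructed sample records (assumed formats): a space-separated connection log
# "ts src_ip src_port dst_ip dst_port" and an EDR (host, path, hash) inventory.
CONN_LOG = """\
2023-11-11T09:31:02Z 10.0.5.23 50211 5.42.92.51 19057
2023-11-11T09:31:04Z 10.0.5.23 50212 142.250.74.14 443
2023-11-11T09:32:17Z 10.0.7.9 49870 5.42.92.51 443
2023-11-11T09:33:40Z 10.0.7.9 49871 5.42.92.51 19057
"""
EDR_HASHES = [
    # Constructed: same SHA256 as the report, but upper-case as some tools emit it.
    ("WS-023", r"C:\Users\alice\Downloads\invoice.exe",
     "C06ACEBB9764A806C9094A4EFC1F811D5041FFE29E92378CCCC32B73CB69D101"),
    # Constructed benign placeholder hash.
    ("WS-041", r"C:\Windows\System32\notepad.exe", "ab" * 32),
]


def find_c2_connections(log: str, c2: str) -> list[tuple[str, str]]:
    """Return (timestamp, src_ip) for every connection to the C2 ip:port.
    Matching on ip AND port avoids flagging unrelated services on the same host."""
    ip, port = parse_c2(c2)
    hits = []
    for line in log.splitlines():
        ts, src, _sport, dst, dport = line.split()
        if dst == ip and int(dport) == port:
            hits.append((ts, src))
    return hits


def find_hash_matches(records, expected=REPORT_DIGESTS):
    """Return (host, path) for records whose hash equals any reported digest.
    Case-insensitive and keyed by digest length (32/40/64/128), so a tool that
    reports MD5 or SHA1 instead of SHA256 still matches."""
    by_len = {len(v): v.lower() for v in expected.values()}
    return [(host, path) for host, path, h in records
            if by_len.get(len(h)) == h.lower()]


if __name__ == "__main__":
    print("digest mismatches for empty file:", verify_digests(b"", REPORT_DIGESTS))
    print("C2 connections:", find_c2_connections(CONN_LOG, C2))
    print("hash matches:", find_hash_matches(EDR_HASHES))
```

Note that the 10.0.7.9 connection to 5.42.92.51:443 is deliberately not reported: only the ip:port pair from the extracted config is the indicator, and a bare-IP match would be the first thing to revisit if the host turns out to serve other ports.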

Targets

    • Target

      d738f74cd537c3758524c31a16fbc239.exe

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Adds Run key to start application

      Persistence: a value under a CurrentVersion\Run key relaunches the payload at each logon.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on a suspended thread of another process is a common step in process hollowing and injection: it redirects that thread's execution to code written into the target.
