General

  • Target

    703b92b81fab3a78856305ed878c105de5571c6655e61b0df16999724cb6f04e

  • Size

    917KB

  • Sample

    231111-jllxwsde73

  • MD5

    16bc1fe543c26fb7565bb9f9557da4fc

  • SHA1

    e4278b1e91740abd64c747ef573c994b06653544

  • SHA256

    703b92b81fab3a78856305ed878c105de5571c6655e61b0df16999724cb6f04e

  • SHA512

    e1f1b7462f07b34cba528c3721c4ff81121e34e5d8f9b1f90480ecbe607f0d20b29d0daa71df0c047512a26f2fb32c7b7c1dfa12fb661916fe4f8dfe66c8d415

  • SSDEEP

    24576:4ypnjLvydaeuIsKC/GJLYDBSi6Pv9ej61Zy:/pnjLletjEGCNSPleK

Malware Config

Extracted

  • Family

    redline

  • Botnet

    taiga

  • C2

    5.42.92.51:19057

Targets

    • Target

      703b92b81fab3a78856305ed878c105de5571c6655e61b0df16999724cb6f04e

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Adds Run key to start application

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext
