General

  • Target

    867413f88e06e820d764f7926e1ea9f81da9fd97538817d5f14c01680b0dfa89

  • Size

    1.3MB

  • Sample

    231111-jy64ladf47

  • MD5

    fffc1591ef79a8f49cb2f9c399b4b03f

  • SHA1

    8f45f4d32930f806696d7ea3e6ecaa9e95363faf

  • SHA256

    867413f88e06e820d764f7926e1ea9f81da9fd97538817d5f14c01680b0dfa89

  • SHA512

    43feb3de3557a67ec0aa23c352ed1d83bba5f7851775cb649a2e8f8affdd5c47996dcece1addb4c5644145146b8aa1947cd653827567745985d34041d2e38996

  • SSDEEP

    24576:dy2dtKv2L3av/xxaeMIsFC5G+8BDwM3btw8Jf0Dpc9WB3LMNO6ORC4elgIzecYn0:4+Uv83avye7K2GZdtfJf0NMAL+6Jelgb

Malware Config

Extracted

  • Family

    redline

  • Botnet

    taiga

  • C2

    5.42.92.51:19057

Targets

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Adds Run key to start application

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15