General

  • Target: 8eb3efa49b857c1d9f0e209348623220d1b4b2429c911e7fab1661a15b8626a2
  • Size: 917KB
  • Sample: 231111-jy6stscf3w
  • MD5: e0b2090119402c00eb7d3287e551c452
  • SHA1: c490eb2aab6dad6fb8757cd4a00b29a6c1f21527
  • SHA256: 8eb3efa49b857c1d9f0e209348623220d1b4b2429c911e7fab1661a15b8626a2
  • SHA512: b31fd7ddf96c9168860dc7416831d49b38f8be73261e471748330cd4e1a2999f7092c4d983c773b837ca5718a11fd558efb1b5c4acd80c134e6cbb05c09acae6
  • SSDEEP: 12288:CMrGy90uUk3KbOnZNd35aex4IC56pCPHGnnPLvTMXiYQVD4j6UeF3iEGCtNjp5Lg:4y1UeZ75aeuIsGC/GzLYD0jLLa8fEuU

Malware Config

Extracted

  • Family: redline
  • Botnet: taiga
  • C2: 5.42.92.51:19057

Targets

    • Target: 8eb3efa49b857c1d9f0e209348623220d1b4b2429c911e7fab1661a15b8626a2

    • Detect Mystic stealer payload
    • Mystic: Mystic is an infostealer written in C++.
    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • Executes dropped EXE
    • Adds Run key to start application
    • AutoIT Executable: AutoIT scripts compiled to PE executables.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks