General

  • Target: 66d1c4d6339ac117a4649e059b85aceb9c1cbd02188419ac97d642b1748aeb0b
  • Size: 919KB
  • Sample: 231111-k16fhscg6s
  • MD5: b1099ee05db9908f68552ec4af40c70d
  • SHA1: 592692d3abf06ebd34cf14775b5420fe94562f2a
  • SHA256: 66d1c4d6339ac117a4649e059b85aceb9c1cbd02188419ac97d642b1748aeb0b
  • SHA512: bea06492cdb9721ddc6eb71da31e8ed2fb35012a9fe26589fd3e4f6e6bd53bd4f873dd3cb27ccfc4c7c97e5f23cb859fb7391a0f8112c4a86ec793c07ad402c8
  • SSDEEP: 24576:vyuzhIPSkIaeuIsWC/GZLYDZ04thsnfF:6uzhQxetPEGy+4tenf

Malware Config

Extracted

  • Family: redline
  • Botnet: taiga
  • C2: 5.42.92.51:19057

Targets

    • Target: 66d1c4d6339ac117a4649e059b85aceb9c1cbd02188419ac97d642b1748aeb0b
    • Size: 919KB
    • MD5: b1099ee05db9908f68552ec4af40c70d
    • SHA1: 592692d3abf06ebd34cf14775b5420fe94562f2a
    • SHA256: 66d1c4d6339ac117a4649e059b85aceb9c1cbd02188419ac97d642b1748aeb0b
    • SHA512: bea06492cdb9721ddc6eb71da31e8ed2fb35012a9fe26589fd3e4f6e6bd53bd4f873dd3cb27ccfc4c7c97e5f23cb859fb7391a0f8112c4a86ec793c07ad402c8
    • SSDEEP: 24576:vyuzhIPSkIaeuIsWC/GZLYDZ04thsnfF:6uzhQxetPEGy+4tenf

    Signatures

    • Detect Mystic stealer payload
    • Mystic
      Mystic is an infostealer written in C++.
    • RedLine
      RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • Executes dropped EXE
    • Adds Run key to start application
    • AutoIT Executable
      AutoIT scripts compiled to PE executables.
    • Detected potential entity reuse from brand paypal.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15