General

  • Target

    418aaeb17222c1825bb0bb4fb067a2f4a72f7a5ba7f13648fa3bf6d0e12e1f9f

  • Size

    917KB

  • Sample

    231111-kavakacf5v

  • MD5

    0848caf31da158c65e0282850d3b53ca

  • SHA1

    675ba70f9d3d7121a8368b4fb370778eff689ecb

  • SHA256

    418aaeb17222c1825bb0bb4fb067a2f4a72f7a5ba7f13648fa3bf6d0e12e1f9f

  • SHA512

    238a7a54a513fc226d3aed92583ae78ec99faa6c923c4dfc0c440569478b411398cc4c47c3c3d58e83213df34b96c964609b515ca636a2b40e5e4c8ff0a998ba

  • SSDEEP

    24576:Uy3/7aeuIseC/GZLYDejiIkpWoPAM1V4P9K:jWetHEGy6iIkpWMDV8

Malware Config

Extracted

Family

redline

Botnet

taiga

C2

5.42.92.51:19057

Targets

    • Target

      418aaeb17222c1825bb0bb4fb067a2f4a72f7a5ba7f13648fa3bf6d0e12e1f9f

    • Size

      917KB

    • MD5

      0848caf31da158c65e0282850d3b53ca

    • SHA1

      675ba70f9d3d7121a8368b4fb370778eff689ecb

    • SHA256

      418aaeb17222c1825bb0bb4fb067a2f4a72f7a5ba7f13648fa3bf6d0e12e1f9f

    • SHA512

      238a7a54a513fc226d3aed92583ae78ec99faa6c923c4dfc0c440569478b411398cc4c47c3c3d58e83213df34b96c964609b515ca636a2b40e5e4c8ff0a998ba

    • SSDEEP

      24576:Uy3/7aeuIseC/GZLYDejiIkpWoPAM1V4P9K:jWetHEGy6iIkpWMDV8

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Adds Run key to start application

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Detected potential entity reuse from brand paypal.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks