General

  • Target: 94c5dec3dc55d94342b86817f62b2e58.exe
  • Size: 1.3MB
  • Sample: 231111-kyv7rscg51
  • MD5: 94c5dec3dc55d94342b86817f62b2e58
  • SHA1: 962bb43fd963eda46507436b1ed5d5d4b0d2a49e
  • SHA256: 8e2397869f3ddac2b5daa8972947bb1768b8a349d9077276876cc7d77d2ecf1a
  • SHA512: 8a07d1bf8ec4a46816076124629e93169f505c1a91eba9b7a6f870d0786c11204448ef383b6da8ba424508f9294720a6d9d887789c68a99d47fe0ab48249fadc
  • SSDEEP: 24576:8yACdIZCO4EKaetIs8CsG470DDm/BtemVzNt2HUCGViv1mhbW2FKMWWB3h31I:rAYIZCSjee1fG1vmjeWR49G0Y6Yj1hF

Malware Config

Extracted

  • Family: redline
  • Botnet: taiga
  • C2: 5.42.92.51:19057

Targets

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Detected potential entity reuse from brand paypal.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks