General

  • Target

    NEAS.58a14f9b353f2c87857a57262951b83d479a20e4ed8c90a2d4152f78a9144648.exe

  • Size

    522KB

  • Sample

    231111-mcwmhsdd5v

  • MD5

    27dffe6a01bee3e0ee0949a3df239bf0

  • SHA1

    20d9d845df3959952ed5246547ffe75656579963

  • SHA256

    58a14f9b353f2c87857a57262951b83d479a20e4ed8c90a2d4152f78a9144648

  • SHA512

    9e10d2ae5b2786fbd2a4755f9b45f1e05cf01a24a7e3beeb3e7ae86574e3338bd08e5711dfdbee8cba25870ce1faf9945a90302413d022c4150575e7c96829a0

  • SSDEEP

    12288:lMrty90GxYxVLfDOjFr/LxL2RrHlUEwAUkSFL:IyLxIVLfMx/lLKpOkSt

Malware Config

Extracted

Family

redline

Botnet

taiga

C2

5.42.92.51:19057

Targets

    • Target

      NEAS.58a14f9b353f2c87857a57262951b83d479a20e4ed8c90a2d4152f78a9144648.exe

    • Size

      522KB

    • MD5

      27dffe6a01bee3e0ee0949a3df239bf0

    • SHA1

      20d9d845df3959952ed5246547ffe75656579963

    • SHA256

      58a14f9b353f2c87857a57262951b83d479a20e4ed8c90a2d4152f78a9144648

    • SHA512

      9e10d2ae5b2786fbd2a4755f9b45f1e05cf01a24a7e3beeb3e7ae86574e3338bd08e5711dfdbee8cba25870ce1faf9945a90302413d022c4150575e7c96829a0

    • SSDEEP

      12288:lMrty90GxYxVLfDOjFr/LxL2RrHlUEwAUkSFL:IyLxIVLfMx/lLKpOkSt

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.