General

  • Target

    NEAS.cd732d10374e32f6ffb254fd765cb62b3be65b7a394ab4eca96fb37d5f7f83f1.exe

  • Size

    917KB

  • Sample

    231111-mgke2sed64

  • MD5

    55c92c9d066595ad73adb426e0e8323b

  • SHA1

    b6e3bc50e01fde7a05c6430135feb6a1cef04725

  • SHA256

    cd732d10374e32f6ffb254fd765cb62b3be65b7a394ab4eca96fb37d5f7f83f1

  • SHA512

    b3576ff91930384582f67e2c3ab86f36769693f781b88557210170b05620c54d8bc54faa7893fd275af7554f0c2e007cb9828ed23ea1468ece6db93eaffb3eed

  • SSDEEP

    24576:YyTs9czQSuaeuIsmC/GPLYDDnU3IoeZXDM:fYczJet5EG0k3Rep

Malware Config

Extracted

Family

redline

Botnet

taiga

C2

5.42.92.51:19057

Targets

    • Target

      NEAS.cd732d10374e32f6ffb254fd765cb62b3be65b7a394ab4eca96fb37d5f7f83f1.exe

    • Size

      917KB

    • MD5

      55c92c9d066595ad73adb426e0e8323b

    • SHA1

      b6e3bc50e01fde7a05c6430135feb6a1cef04725

    • SHA256

      cd732d10374e32f6ffb254fd765cb62b3be65b7a394ab4eca96fb37d5f7f83f1

    • SHA512

      b3576ff91930384582f67e2c3ab86f36769693f781b88557210170b05620c54d8bc54faa7893fd275af7554f0c2e007cb9828ed23ea1468ece6db93eaffb3eed

    • SSDEEP

      24576:YyTs9czQSuaeuIsmC/GPLYDDnU3IoeZXDM:fYczJet5EG0k3Rep

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Adds Run key to start application

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks