General

  • Target

    NEAS.0318a39c985b9af2d7fb6d6fe9d56eb1c464545d4994db3508b54d42987e1201.exe

  • Size

    917KB

  • Sample

    231111-mh9fkade6z

  • MD5

    fe4b1bb2a1c62a725fde05966feb1ba1

  • SHA1

    0d8622306a0396b9f9405cc1dcd8dd9665df58be

  • SHA256

    0318a39c985b9af2d7fb6d6fe9d56eb1c464545d4994db3508b54d42987e1201

  • SHA512

    0a2de1420b40054f3018072bde54cecf15addd2d228798bec93a967f400faf0d0bf89aff1adb83a4e92d7d336480879d3c5bc6d8b9f1cc22c09caff49b3941ec

  • SSDEEP

    24576:dyG2QdhO81i/aeuIs+C/GzLYDXVGkSR5KGnMZXBkfKfm:4G22O81iietBEG4MB5KsEXYK

Malware Config

Extracted

  • Family

    redline

  • Botnet

    taiga

  • C2

    5.42.92.51:19057

Targets

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Adds Run key to start application

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Detected potential entity reuse from brand paypal.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks