General

  • Target

    NEAS.33f24c0a005d70db1f15cd415a5d76795ef8877b82547b005846a602c3ea73e8.exe

  • Size

    511KB

  • Sample

    231111-mjeycaee25

  • MD5

    9f119b2275bc77f37003418eda186ce3

  • SHA1

    5b65a7cfbb42215c1069729e198d72fa0bb46d07

  • SHA256

    33f24c0a005d70db1f15cd415a5d76795ef8877b82547b005846a602c3ea73e8

  • SHA512

    6a9ab923a3a77c52dfec94ae2c310cd64713bab8e28b8f93662bcd460db6b05a614b413e1a89c5ee4501648ce89e339868b5dd1a7f55604f625c4fa9fa248584

  • SSDEEP

    12288:KMrVy90G2+6MwzY8TUs2QuX+4+wSRzFGVfQDjB:vy576M8YSz2QuuUS9YVfQnB

Malware Config

Extracted

  • Family

    redline

  • Botnet

    taiga

  • C2

    5.42.92.51:19057

Targets

    • Target

      NEAS.33f24c0a005d70db1f15cd415a5d76795ef8877b82547b005846a602c3ea73e8.exe

    • Size

      511KB

    • MD5

      9f119b2275bc77f37003418eda186ce3

    • SHA1

      5b65a7cfbb42215c1069729e198d72fa0bb46d07

    • SHA256

      33f24c0a005d70db1f15cd415a5d76795ef8877b82547b005846a602c3ea73e8

    • SHA512

      6a9ab923a3a77c52dfec94ae2c310cd64713bab8e28b8f93662bcd460db6b05a614b413e1a89c5ee4501648ce89e339868b5dd1a7f55604f625c4fa9fa248584

    • SSDEEP

      12288:KMrVy90G2+6MwzY8TUs2QuX+4+wSRzFGVfQDjB:vy576M8YSz2QuuUS9YVfQnB

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks