General

  • Target: NEAS.8051c416748df9a755f444b438641086e67f484bd1e5f61f8b441a938f8bb8cc.exe
  • Size: 918KB
  • Sample: 231111-mpdbpsdf9w
  • MD5: 9d4790e6ac2f2694bf319a95b04a99ab
  • SHA1: 2fd546f458635bbbda5936f9813ee78c67d05ec0
  • SHA256: 8051c416748df9a755f444b438641086e67f484bd1e5f61f8b441a938f8bb8cc
  • SHA512: 33c6f653694dcc74cd8f05459cda7dbf2a9ad145157990b9006acf4ee572a6dfd64c71180053c874f44d4ef342ad1ca81648d2c832e7b673ac55a72b250070d8
  • SSDEEP: 12288:nMr8y90OBDSSvFip42aex4IC5ipCPHGBLPLvTMXiYQTDoPASBqGt0o8dfW2tPdD3:XyfBvCaeuIseC/GZLYDrJV8xWqdX3D

Malware Config

Extracted

  • Family: redline
  • Botnet: taiga
  • C2: 5.42.92.51:19057

Targets

    • Detect Mystic stealer payload
    • Mystic: Mystic is an infostealer written in C++.
    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • Executes dropped EXE
    • Adds Run key to start application
    • AutoIT Executable: AutoIT scripts compiled to PE executables.
    • Detected potential entity reuse from brand paypal.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks