General

  • Target

    3989b9cdb7533f6a4224d826075e7b68.bin

  • Size

    874KB

  • Sample

    231112-b6c7gsda59

  • MD5

    f629a3a51d795b0ea7f303d50b7b1829

  • SHA1

    32773e1b27ddb9da65c478a13a74b71db438660c

  • SHA256

    34758a656b5349e7b5ebea3db962a0ee6593b013d42cafae079fc6135727baf4

  • SHA512

    8d970d843024de3f86338978c2e6ce0074d82e7ac4a160115c0940ae7697e60a87b92b9f031e31f1e73bc3e5f1630f0a5635f0b166cf1398eac70241689a51a4

  • SSDEEP

    24576:pRN87rWCKiLWCPUUkR7fEYaM1INTuiZUBlpaUmEK:nNmZLWT4g1IN6KUrpaUK

Malware Config

Extracted

  • Family

    redline

  • Botnet

    taiga

  • C2

    5.42.92.51:19057

Targets

    • Target

      df5f1034f8c58e4a3cccabb50947abc1d1e6ddd774b5cd294176870cfab130ae.exe

    • Size

      917KB

    • MD5

      3989b9cdb7533f6a4224d826075e7b68

    • SHA1

      4979fe0fa01235312253ae25af744a6c16230d00

    • SHA256

      df5f1034f8c58e4a3cccabb50947abc1d1e6ddd774b5cd294176870cfab130ae

    • SHA512

      413e7878802b4770b16c522dd0022b21de285f6824c5e93dd0edf19982fc2bfdfd24aa924912bfbfcbfe3ee6c022d526a7e4b6ca621fce8f916ad8966f9428db

    • SSDEEP

      24576:kybY+TVcaeuIsqC/G5LYD/iNm3Wvet44khJCJ:zbhfetjEGSycWW6vC

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Adds Run key to start application

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15