General

  • Target

    1479ee68750242f019956fd3443e761a.bin

  • Size

    1.3MB

  • Sample

    231112-bm22hach95

  • MD5

    309ca2f5c776f47353a955eda8c139a2

  • SHA1

    67017bf4aa9509e676fa78b4595a0e8a936f0b52

  • SHA256

    ac8b1c2cdaff87e2efe181bf16086fefd3921aabd6dd122099315b113312dd97

  • SHA512

    fad26075ab64bb5d38cd8cf82041a45e26b007cdc9db013442354a4c2ba3c67f08eaec7911a56e3661f77208df64a942090058d673963800d8b377d3b50745d4

  • SSDEEP

    24576:QyBvKZkbJUeS6MZXlBdnbghiVEPt3Sy95pTiG1pj7ktQn:TCZAUr6O0iVExbpTiUIc

Malware Config

Extracted

  • Family

    redline

  • Botnet

    taiga

  • C2

    5.42.92.51:19057

Targets

    • Target

      7011baaee0cf94f06cf89fd2672f6d3e0a304abd72324532cc4e871326395391.exe

    • Size

      1.3MB

    • MD5

      1479ee68750242f019956fd3443e761a

    • SHA1

      8253aebd1a754172c192e1e9ffd1d5e7a9af4ea7

    • SHA256

      7011baaee0cf94f06cf89fd2672f6d3e0a304abd72324532cc4e871326395391

    • SHA512

      164f9acc32622d68033454087ef21e3101e02d938f82c3b7c993ded4624d469604372c8b339539c852c85f7dde2fe05ba6298aec1fb699ef768e765562b0b03b

    • SSDEEP

      24576:3y3B0B/2xS0WWvaeoIs2CFG0pYDNQcrc/0a2ODjjIN3JvMeZKMGeWgfXr2:C3KQIfe/16GD9c8ODjc35MeZR

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Adds Run key to start application

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.
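The following is an added example and is not part of the sandbox report. It copies the hashes, ssdeep values and the extracted C2 endpoint listed above into one structure, checks that each indicator is well-formed before it is fed to tooling, and then uses them the two ways an analyst would: hashing a blob to see whether it is one of the reported files, and scanning connection log lines for the C2 `5.42.92.51:19057`. The `REPORT` dictionary, the helper names and the `SAMPLE_LOG` lines are constructed for this example. Note, from the report itself, that the submitted `.bin` carries the dropped EXE's MD5 as its file name and the dropped EXE is named after its own SHA256, which is the sandbox's naming convention rather than anything the malware chose.

```python
"""Validate and operationalise the indicators from the report above.

Added example, not part of the sandbox report: the hashes, ssdeep strings and
C2 endpoint are copied from the page; the log lines are constructed.
"""
import hashlib
import ipaddress
import re

HEX_LENGTHS = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}

# Indicators taken from the report (submitted .bin and the dropped EXE).
REPORT = {
    "family": "redline",
    "botnet": "taiga",
    "c2": "5.42.92.51:19057",
    "files": [
        {
            "name": "1479ee68750242f019956fd3443e761a.bin",
            "md5": "309ca2f5c776f47353a955eda8c139a2",
            "sha1": "67017bf4aa9509e676fa78b4595a0e8a936f0b52",
            "sha256": "ac8b1c2cdaff87e2efe181bf16086fefd3921aabd6dd122099315b113312dd97",
            "ssdeep": "24576:QyBvKZkbJUeS6MZXlBdnbghiVEPt3Sy95pTiG1pj7ktQn:TCZAUr6O0iVExbpTiUIc",
        },
        {
            "name": "7011baaee0cf94f06cf89fd2672f6d3e0a304abd72324532cc4e871326395391.exe",
            "md5": "1479ee68750242f019956fd3443e761a",
            "sha1": "8253aebd1a754172c192e1e9ffd1d5e7a9af4ea7",
            "sha256": "7011baaee0cf94f06cf89fd2672f6d3e0a304abd72324532cc4e871326395391",
            "ssdeep": "24576:3y3B0B/2xS0WWvaeoIs2CFG0pYDNQcrc/0a2ODjjIN3JvMeZKMGeWgfXr2:C3KQIfe/16GD9c8ODjc35MeZR",
        },
    ],
}


def valid_hash(kind, value):
    """A hash IOC is only usable if it is lowercase hex of the right length."""
    return len(value) == HEX_LENGTHS[kind] and re.fullmatch(r"[0-9a-f]+", value) is not None


def parse_c2(endpoint):
    """Split 'host:port'; reject anything that is not an IP address with a sane port."""
    host, _, port = endpoint.rpartition(":")
    ip = ipaddress.ip_address(host)  # raises ValueError on garbage
    port = int(port)
    if not 1 <= port <= 65535:
        raise ValueError("port out of range")
    return str(ip), port


def parse_ssdeep(value):
    """ssdeep is 'blocksize:chunk:double_chunk'; block sizes must match to compare."""
    block, chunk, double = value.split(":")
    return int(block), chunk, double


def fingerprint(data):
    """Hash a blob the same way the report does so it can be compared to REPORT."""
    return {k: hashlib.new(k, data).hexdigest() for k in ("md5", "sha1", "sha256")}


def match_file(data):
    """Return the report entry name whose hashes match the blob, or None."""
    fp = fingerprint(data)
    for entry in REPORT["files"]:
        if all(fp[k] == entry[k] for k in ("md5", "sha1", "sha256")):
            return entry["name"]
    return None


def match_connections(log_lines):
    """Return indices of log lines carrying a connection to the configured C2."""
    ip, port = parse_c2(REPORT["c2"])
    # Word boundaries stop 5.42.92.51:1905 or :190570 from matching.
    pattern = re.compile(rf"\b{re.escape(ip)}:{port}\b")
    return [i for i, line in enumerate(log_lines) if pattern.search(line)]


# Constructed firewall log lines (not from the report); only one hits the C2.
SAMPLE_LOG = [
    "2023-11-12T10:01:07Z ALLOW 10.0.0.15:51342 -> 142.250.74.110:443 TCP",
    "2023-11-12T10:01:09Z ALLOW 10.0.0.15:51350 -> 5.42.92.51:19057 TCP",
    "2023-11-12T10:01:11Z ALLOW 10.0.0.15:51351 -> 5.42.92.51:1905 TCP",
]

if __name__ == "__main__":
    for entry in REPORT["files"]:
        assert all(valid_hash(k, entry[k]) for k in ("md5", "sha1", "sha256"))
    print("C2:", parse_c2(REPORT["c2"]))
    print("C2 hits in sample log:", match_connections(SAMPLE_LOG))
```

The format checks matter more than they look: a truncated SHA256 copied from a report silently matches nothing, and a C2 string that is really a hostname needs DNS resolution rather than an IP match, so failing loudly at parse time is the right behaviour for an IOC loader.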

MITRE ATT&CK Enterprise v15