General

  • Target: 24ba6182b2b896735636ee38d74d437d.bin
  • Size: 874 KB
  • Sample: 231112-bxm1bsda39
  • MD5: 305846362ef5d01973bcdafd27a2dbdc
  • SHA1: 3ce3eb199cf77b8f27e7df1586ae65874d035706
  • SHA256: bfc632022c2cf12c89d68cae328c4bc8b72db03f4887cacfe488b7f435c1fa7c
  • SHA512: 3b2380ece27cd6129b6ceecdaa6e8283cb0684489921c6359bd4d1c8cf46a86ade4cbdd1c57b6bde4dcf26aab0c6828bf3f11c20817f578d1d0b6c20068a84da
  • SSDEEP: 24576:PW+J+F9cnOv/+4ihHzjFD/TK59ZNdjzhTE2oBdTI3:eQ+XcOBid3FD/u5HfFodTq

Malware Config

Extracted

  • Family: redline
  • Botnet: taiga
  • C2: 5.42.92.51:19057

Targets

    • Target: 1201bf878caa54aca39c6973c193210786509f098f5b9da23a03258cc278f5e3.exe
    • Size: 917 KB
    • MD5: 24ba6182b2b896735636ee38d74d437d
    • SHA1: 6655b258f4cdd4a59509e979febbe307b1b436cc
    • SHA256: 1201bf878caa54aca39c6973c193210786509f098f5b9da23a03258cc278f5e3
    • SHA512: 2dfe01e63175dcb82070537d4fa6a56082005c87fa3a1bfa794df69090e09e6171c9267eacef2c4438bf667fc1e91b7be123f597647c0650f0de9bcb39f452d5
    • SSDEEP: 12288:oMrXy90VwYmWe3o6Wq2uQKALaex4IC52pCPHG7vPLvTMXiYQ1DxSMSBIWBcOI2mG:/yEDt6aXLaeuIsCC/GvLYDHmf3x9SJ

    • Detect Mystic stealer payload
    • Mystic: Mystic is an infostealer written in C++.
    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • Executes dropped EXE
    • Adds Run key to start application
    • AutoIT Executable: AutoIT scripts compiled to PE executables.
    • Detected potential entity reuse from brand paypal.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks