General

  • Target

    55c92c9d066595ad73adb426e0e8323b.bin

  • Size

    874KB

  • Sample

    231112-chm78acd6s

  • MD5

    f295938358f0391e10180c0418f2c594

  • SHA1

    711c5669a758a976ef997df6b5ed9582281d1478

  • SHA256

    0d8a71a7fd5c82ef5f7bd5b3c7004c9b368dd991f27d8999e8b71c8c9872cb49

  • SHA512

    59dbbfea22de3470e306ade99cfc7bae5d8ece1d790ee4ea21062ea0cf0e838003838bd009fb6ed788b42ac8d13fc500ad1bdb1091265ec9e2d5a814800d3faa

  • SSDEEP

    12288:q/Oyim8p91mb+EQG1O9s2oHDewsia7CNIuFb9IYyN20JCZ87BlX7Z8GZyWEr/6sZ:+OC+EQG8HojdbOul97qZJ28Vr6rS6luK

Malware Config

Extracted

Family

redline

Botnet

taiga

C2

5.42.92.51:19057

Targets

    • Target

      cd732d10374e32f6ffb254fd765cb62b3be65b7a394ab4eca96fb37d5f7f83f1.exe

    • Size

      917KB

    • MD5

      55c92c9d066595ad73adb426e0e8323b

    • SHA1

      b6e3bc50e01fde7a05c6430135feb6a1cef04725

    • SHA256

      cd732d10374e32f6ffb254fd765cb62b3be65b7a394ab4eca96fb37d5f7f83f1

    • SHA512

      b3576ff91930384582f67e2c3ab86f36769693f781b88557210170b05620c54d8bc54faa7893fd275af7554f0c2e007cb9828ed23ea1468ece6db93eaffb3eed

    • SSDEEP

      24576:YyTs9czQSuaeuIsmC/GPLYDDnU3IoeZXDM:fYczJet5EG0k3Rep

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Adds Run key to start application

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks