General

  • Target

    ea71defda48dd0a3b6cfe3401f018d8495016213b6afe96a24cbbaa0afaa36b8

  • Size

    888KB

  • Sample

    231114-kj39tshg9x

  • MD5

    6a94128cfa49b6bca927ec11a720ba64

  • SHA1

    1a8a7c205d93d9d3cddb6dca8ce3d3dba594e267

  • SHA256

    ea71defda48dd0a3b6cfe3401f018d8495016213b6afe96a24cbbaa0afaa36b8

  • SHA512

    85f4ec51b780f89391f040ca2a93b6714fbf66f45a2c1821ee4898b8b7f39151f50109bb7eba3f11350af630ad29bd36d6b813c76b318e4ae1d7fbaee375009a

  • SSDEEP

    24576:RySJLBPzwzL79IYq7cnvbMJ0vJSKbQDKe0JA43tgxQwh:Elf7BvblvJS1DKVJ0

Malware Config

  • Extracted

    Family: redline

    Botnet: taiga

    C2: 5.42.92.51:19057

Targets

    • Target

      ea71defda48dd0a3b6cfe3401f018d8495016213b6afe96a24cbbaa0afaa36b8

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks