General

  • Target

    026d75800260dad32ccddaa057686c6d.exe

  • Size

    1.4MB

  • Sample

    231114-pswzbsbb24

  • MD5

    026d75800260dad32ccddaa057686c6d

  • SHA1

    8fba7d5454baa53ecd75dbfb27c14943ce545083

  • SHA256

    1abb8e978cc50ac436946ba779cfc8bdd5022a6251aca2d761b09b5a6433fbee

  • SHA512

    b0954deb91e3b7e18d8788e3467a3298bdefbbd743405c6222ad7af2bf3f8e703ad10262d2bdf3dd019efbae996f2270925c30c357658a41dc98185dd1c56b20

  • SSDEEP

    24576:eyJ3a1T6mx5FyKAH7KqcKnSYuZVzcwTTWkeMG:tda56YIKkRG/QA6k9

Malware Config

Extracted

  • Family

    redline

  • Botnet

    taiga

  • C2

    5.42.92.51:19057

Extracted

  • Family

    risepro

  • C2

    5.42.92.51

Targets

    • Target

      026d75800260dad32ccddaa057686c6d.exe

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

    • PrivateLoader

      PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Enumerates VirtualBox registry keys

    • Executes dropped EXE

    • Adds Run key to start application

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
