General

  • Target

    NEAS.b2cc7177962605348c378a59f8e07ab0.exe

  • Size

    419KB

  • Sample

    231116-13qqvaac7z

  • MD5

    b2cc7177962605348c378a59f8e07ab0

  • SHA1

    8e4629b44e0fead30bdcbb058a4ddb063f73e158

  • SHA256

    13e8bcc1746a867d5fffce461395b52430a9294ecc0b29090330165cc826dd5b

  • SHA512

    bd61ca2cff2b1ca5d692739c39ae9fae96c27309584ecd19654ee47b2e9fd77e35f6da27900b55136261c0600d96420b2a04ccf15de81fd2c3fe4151238346ab

  • SSDEEP

    6144:Kuy+bnr+4p0yN90QEPoenhu9LDu++iMxY4jVaQD0bP/r9nFS6ssV35N/+xJVy:WMrwy90Jn04hzVaQD0bpDsi5B+xJVy
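Before acting on the extracted config below, confirm that the file on disk is the one this report describes. The helper below is an added example (not part of the sandbox report) that recomputes the four digests listed above with the Python standard library and returns every mismatch; ssdeep is a fuzzy-similarity hash rather than an identity check and needs a third-party library, so it is left out.

```python
"""Re-hash a sample and compare it with the digests published in the report.

Added example, not part of the sandbox output. The REPORT table copies the
values listed above for NEAS.b2cc7177962605348c378a59f8e07ab0.exe.
"""
import hashlib
import sys

# Digests exactly as printed in the report for the sample under analysis.
REPORT = {
    "md5": "b2cc7177962605348c378a59f8e07ab0",
    "sha1": "8e4629b44e0fead30bdcbb058a4ddb063f73e158",
    "sha256": "13e8bcc1746a867d5fffce461395b52430a9294ecc0b29090330165cc826dd5b",
    "sha512": "bd61ca2cff2b1ca5d692739c39ae9fae96c27309584ecd19654ee47b2e9fd77e"
              "35f6da27900b55136261c0600d96420b2a04ccf15de81fd2c3fe4151238346ab",
}


def hash_bytes(data: bytes) -> dict:
    """Digest an in-memory blob with every algorithm the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT}


def hash_file(path: str, chunk: int = 1 << 20) -> dict:
    """Digest a file in 1 MiB chunks so large droppers do not get read into RAM."""
    hashers = {name: hashlib.new(name) for name in REPORT}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify(computed: dict, expected: dict = REPORT) -> dict:
    """Return {algorithm: (expected, got)} for each mismatch.

    An empty dict means every listed digest matched, i.e. the file is the
    exact sample the report was generated from.
    """
    return {
        name: (expected[name], computed.get(name))
        for name in expected
        if computed.get(name) != expected[name]
    }


if __name__ == "__main__":
    # Usage: python verify_sample.py <path-to-sample>
    mismatches = verify(hash_file(sys.argv[1]))
    if mismatches:
        for name, (want, got) in mismatches.items():
            print(f"{name}: report={want} file={got}")
        sys.exit(1)
    print("sample matches the report")
```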

Malware Config

Extracted

Family

redline

Botnet

taiga

C2

5.42.92.51:19057

Targets

    • Target

      NEAS.b2cc7177962605348c378a59f8e07ab0.exe

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

      The sample writes a second executable to disk and runs it; the Mystic and RedLine detections above are raised on those later stages, not on the 419KB dropper alone.

    • Adds Run key to start application

      Persistence through a value under Software\Microsoft\Windows\CurrentVersion\Run, so the stealer is relaunched at the next logon (ATT&CK T1547.001).

    • Suspicious use of SetThreadContext

      SetThreadContext on a thread of another process is the hallmark of process hollowing (ATT&CK T1055.012): the parent creates a target process suspended, overwrites its memory with the payload, points the main thread's entry at it, then resumes. On its own the API is benign; the suspended create followed by a cross-process write is what makes this call suspicious.
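The three behavioural signatures above plus the extracted C2 can be reduced to simple rules over an API/registry/network trace. The block below is an added example, not the sandbox's own signature engine: it defines a hypothetical one-event-per-line trace format, embeds a constructed trace (the process names, pids and registry value are made up; only the C2 address is taken from the report), and re-implements the Run-key, SetThreadContext/hollowing and C2-connection checks over it.

```python
"""Toy signature matcher for the behaviours listed in this report.

Added example. The trace format ("<pid> <api> key=value ...") and the
SAMPLE_TRACE contents are constructed for illustration; the C2 endpoint is
the one extracted from the sample's RedLine config.
"""
import re
from collections import defaultdict

# IOC from the extracted config (RedLine, botnet "taiga").
C2_HOST, C2_PORT = "5.42.92.51", 19057

# HKCU/HKLM ...\CurrentVersion\Run and RunOnce: the autostart keys behind
# the "Adds Run key to start application" signature.
RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\", re.IGNORECASE)

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit for CreateProcess

# Constructed trace, not taken from the sandbox run.
SAMPLE_TRACE = """
1000 CreateProcessW image=C:\\Windows\\host.exe flags=0x4 child=2000
1000 NtUnmapViewOfSection target=2000
1000 WriteProcessMemory target=2000
1000 SetThreadContext target=2000
1000 ResumeThread target=2000
2000 RegSetValueExW key=HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater data=C:\\Users\\x\\AppData\\Roaming\\u.exe
2000 connect ip=5.42.92.51 port=19057
"""


def parse_trace(text: str) -> list:
    """Turn the line-based trace into dicts: pid (int), api, and the key=value args."""
    events = []
    for line in text.strip().splitlines():
        pid, api, *rest = line.split()
        args = dict(kv.split("=", 1) for kv in rest)
        events.append({"pid": int(pid), "api": api, **args})
    return events


def detect_run_key(events: list) -> list:
    """Registry writes whose path lands in a Run/RunOnce key."""
    return [e["key"] for e in events
            if e["api"] == "RegSetValueExW" and RUN_KEY_RE.search(e["key"])]


def detect_hollowing(events: list) -> list:
    """Per child pid require: created suspended -> memory written -> SetThreadContext.

    A lone SetThreadContext or ResumeThread is normal; the ordered triple is
    the process-hollowing primitive behind "Suspicious use of SetThreadContext".
    """
    stage = defaultdict(set)
    hits = []
    for e in events:
        api = e["api"]
        if api == "CreateProcessW" and int(e["flags"], 16) & CREATE_SUSPENDED:
            stage[e["child"]].add("suspended")
        elif api == "WriteProcessMemory" and "suspended" in stage[e["target"]]:
            stage[e["target"]].add("written")
        elif api == "SetThreadContext" and {"suspended", "written"} <= stage[e["target"]]:
            hits.append((e["pid"], int(e["target"])))
    return hits


def detect_c2(events: list, host: str = C2_HOST, port: int = C2_PORT) -> list:
    """Pids that opened a socket to the configured C2 endpoint."""
    return [e["pid"] for e in events
            if e["api"] == "connect" and e["ip"] == host and int(e["port"]) == port]


def match_signatures(trace_text: str) -> dict:
    """Map the report's signature names (plus a C2 check) to whether they fired."""
    events = parse_trace(trace_text)
    return {
        "Adds Run key to start application": bool(detect_run_key(events)),
        "Suspicious use of SetThreadContext": bool(detect_hollowing(events)),
        "Connects to RedLine C2 5.42.92.51:19057": bool(detect_c2(events)),
    }


if __name__ == "__main__":
    for name, fired in match_signatures(SAMPLE_TRACE).items():
        print(f"[{'x' if fired else ' '}] {name}")
```

The hollowing rule is deliberately stateful: matching on SetThreadContext alone would flag every debugger and many legitimate loaders, whereas requiring the suspended create and a prior cross-process write on the same child pid keeps the rule aligned with the technique the sandbox signature is named for.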

MITRE ATT&CK Enterprise v15

Tasks