General

  • Target: aaa53ca479bc7bde87061c0fc7083bee87e7b9b876d10607e9cf7e4f74ddb0dd
  • Size: 877KB
  • Sample: 240525-ccp5maag93
  • MD5: 2c4aa73b3c16d326ae6918ebc419b69d
  • SHA1: efcdc1933a5526e5ffd25b37bf46b6132268698e
  • SHA256: aaa53ca479bc7bde87061c0fc7083bee87e7b9b876d10607e9cf7e4f74ddb0dd
  • SHA512: c4f78c510cc2a858fd7e3002bfd066abfcfdb8f070f086aab79cb74885e534a11d7a26146f7973109dd825a1d436a52f874592730fb8cdb8a6fe6ad64facbf87
  • SSDEEP: 12288:0MrTy90tquIYW5HB2NtqCertQYISCkQJha998oKgvwADk1EMt2NP3tviJ/kCubB3:nyZuIY0H8YrGYIS7QY98ojq2vKMCuSW

Malware Config

Extracted

  • Family: redline
  • Botnet: kukish
  • C2: 77.91.124.55:19071

Targets

    • Detect Mystic stealer payload
    • Mystic: Mystic is an infostealer written in C++.
    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • Detects executables packed with ConfuserEx Mod
    • Executes dropped EXE
    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks