General

  • Target: e7bb292889efd98aceb4ad110cf7eb50N.exe
  • Size: 688KB
  • Sample: 240824-vjvb2asank
  • MD5: e7bb292889efd98aceb4ad110cf7eb50
  • SHA1: e3062e2cedb677fbe1198514b0b08d5fd047e7be
  • SHA256: b4b4b5dcb6a7cd47a52ae640673894c56f45a725d6a96a994239b9aa3f6f8ea8
  • SHA512: e9868267862774add8a1222f9094ff412ff45f3a9d0a18d5b075ec8b3feae138ddc498deb0ec49dde221cdcc08852affa99d7f7a5b6d6e3a83d1ad37b33d22ec
  • SSDEEP: 12288:AMrAy90ieQqXGoefQDS53uBRElwo/CcPo34F/52GDTHo+xEbFW33:wyXKGoUx3uBRejowJTI9FM

Malware Config

Extracted

  • Family: redline
  • Botnet: kukish
  • C2: 77.91.124.55:19071

Targets

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks