General

  • Target

    248fcc901aff4e4b4c48c91e4d78a939bf681c9a1bc24addc3551b32768f907b

  • Size

    1.8MB

  • Sample

    240921-1gc8mavfpb

  • MD5

    18cbe55c3b28754916f1cbf4dfc95cf9

  • SHA1

    7ccfb7678c34d6a2bedc040da04e2b5201be453b

  • SHA256

    248fcc901aff4e4b4c48c91e4d78a939bf681c9a1bc24addc3551b32768f907b

  • SHA512

    e1d4a7ab164a7e4176a3e4e915480e5c60efe7680d99f0f0bcbd834a4bec1798b951c49ef5c0cca6bea3c2577b475de3c51b2ef1ae70b525d046eb06591f7110

  • SSDEEP

    49152:Eau0Bnly1l8B6hLa5vMIKHVo5W1v2mS0la98MT:Nfy1Wo+JK19eFE6

Malware Config

Extracted

Family

redline

Botnet

frant

C2

77.91.124.55:19071

Targets

    • Target

      248fcc901aff4e4b4c48c91e4d78a939bf681c9a1bc24addc3551b32768f907b

    • Size

      1.8MB

    • MD5

      18cbe55c3b28754916f1cbf4dfc95cf9

    • SHA1

      7ccfb7678c34d6a2bedc040da04e2b5201be453b

    • SHA256

      248fcc901aff4e4b4c48c91e4d78a939bf681c9a1bc24addc3551b32768f907b

    • SHA512

      e1d4a7ab164a7e4176a3e4e915480e5c60efe7680d99f0f0bcbd834a4bec1798b951c49ef5c0cca6bea3c2577b475de3c51b2ef1ae70b525d046eb06591f7110

    • SSDEEP

      49152:Eau0Bnly1l8B6hLa5vMIKHVo5W1v2mS0la98MT:Nfy1Wo+JK19eFE6

    • Detect Mystic stealer payload

    • Modifies Windows Defender Real-time Protection settings

    • Mystic

      Mystic is an infostealer written in C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.