General

Target: fefc6fbdca66c18fe56ff3cb84e97eac.bin
Size: 1.2MB
Sample: 231008-daagtshf8w
MD5: 7c27f8e5438c017c13fd8413825efaf1
SHA1: 989786db5b671aa9e4f610a76f14e135237dc261
SHA256: bb7469bd5e5bf699fc1cb6448ed6a693975b3a25fee94aeee9ee259af3be91b8
SHA512: 852d4e3c0f65c6484d6583620159c97332ba16bea9200eab8ef1ac32acb76f2667352e012ccd111c438075e6a627ddb35b1c397f8e1f0a4e673d27fe69a8ecea
SSDEEP: 24576:cGdQy5teuYcyMqCF5F/sruM5l5HbdUHRlmHUGT/f:cGdHj9bJ5leuMj5mxwHxTH
Static task: static1
Behavioral task: behavioral1 (sample 238f4644ee51e1b5452aa80a901eca5dbd075f57348f7eec0267d12bc9385630.exe, resource win7-20230831-en)
Behavioral task: behavioral2 (sample 238f4644ee51e1b5452aa80a901eca5dbd075f57348f7eec0267d12bc9385630.exe, resource win10v2004-20230915-en)
Malware Config

Extracted: redline
Botnet: frant
C2: 77.91.124.55:19071

Extracted: amadey
Version: 3.89
C2: http://77.91.124.1/theme/index.php
C2: http://77.91.68.78/help/index.php
install_dir: fefffe8cea
install_file: explothe.exe
strings_key: 36a96139c1118a354edf72b1080d4b2f
Targets

Target: 238f4644ee51e1b5452aa80a901eca5dbd075f57348f7eec0267d12bc9385630.exe
Size: 1.2MB
MD5: fefc6fbdca66c18fe56ff3cb84e97eac
SHA1: 2b84c1fcd2b24d6a2cd358758c1aa637213bf55a
SHA256: 238f4644ee51e1b5452aa80a901eca5dbd075f57348f7eec0267d12bc9385630
SHA512: 65035e5ae3128a28df05c67dad1582bb15b7f534f1cdb9135795479f09f1aeafa0940cf2d1802b76803f7e007b415ece68455557129be6f5190037c90eac8710
SSDEEP: 24576:qy73heY0lCvksMhZKAritR1wgZB9ufLphU6:x7gNlC8sMhIArib11ip6
Signatures:
Detect Mystic stealer payload
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Checks computer location settings: looks up the country code configured in the registry, likely used as a geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Suspicious use of SetThreadContext (typically seen when a process hollows or hijacks a thread in another process to run an injected payload)
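The extracted RedLine and Amadey configuration and the persistence signature above are enough to write a first-pass hunt. The block below is an added example written for this page, not code from the sandbox or from any vendor: it turns the report's C2 socket, panel URLs, install directory, dropped file name and sample hashes into indicator sets and matches them against a handful of constructed telemetry lines. The Sysmon-style field names, the user name, the drop path under the user's Temp directory and the proxy line format are assumptions for illustration; the IP, port, URLs, directory name, file name and hashes are taken verbatim from the report. It goes slightly beyond the report by also flagging a known C2 host contacted on a port the config does not list.

```python
import re
from urllib.parse import urlparse

# Indicators copied from the report's extracted config and target hashes.
REDLINE_C2 = ("77.91.124.55", 19071)
AMADEY_C2_URLS = (
    "http://77.91.124.1/theme/index.php",
    "http://77.91.68.78/help/index.php",
)
AMADEY_INSTALL_DIR = "fefffe8cea"
AMADEY_INSTALL_FILE = "explothe.exe"
SAMPLE_SHA256 = "238f4644ee51e1b5452aa80a901eca5dbd075f57348f7eec0267d12bc9385630"
SAMPLE_MD5 = "fefc6fbdca66c18fe56ff3cb84e97eac"

FIELD_RE = re.compile(r"(\w+)=(\S+)")


def build_indicators():
    """Normalise the report's config into lookup sets keyed by indicator type."""
    c2_hosts = {REDLINE_C2[0]} | {urlparse(u).hostname for u in AMADEY_C2_URLS}
    return {
        "c2_host": c2_hosts,
        "c2_socket": {f"{REDLINE_C2[0]}:{REDLINE_C2[1]}"},
        "c2_url": set(AMADEY_C2_URLS),
        "install_artifact": {AMADEY_INSTALL_DIR, AMADEY_INSTALL_FILE},
        "sample_hash": {SAMPLE_SHA256, SAMPLE_MD5},
    }


def parse_fields(line):
    """Split a 'Key=Value Key=Value ...' telemetry line into a dict with lower-case keys."""
    return {k.lower(): v for k, v in FIELD_RE.findall(line)}


def match_line(line, ind):
    """Return a list of (indicator_type, value) hits for one telemetry line."""
    low = line.lower()
    fields = parse_fields(line)
    hits = []

    # Network: rebuild ip:port from the separate Sysmon-style fields so the RedLine
    # socket matches exactly; fall back to a host-only hit when a known C2 IP is
    # contacted on a port the config does not list.
    dest, port = fields.get("destinationip"), fields.get("destinationport")
    if dest and port and f"{dest}:{port}" in ind["c2_socket"]:
        hits.append(("c2_socket", f"{dest}:{port}"))
    elif dest in ind["c2_host"]:
        hits.append(("c2_host", dest))

    # Proxy/URL telemetry: the Amadey panel paths are specific enough to match whole.
    hits += [("c2_url", u) for u in ind["c2_url"] if u in low]

    # File hashes embedded anywhere in the line (e.g. Sysmon 'Hashes=SHA256=...').
    hits += [("sample_hash", h) for h in ind["sample_hash"] if h in low]

    # Dropped-file artefacts: the install directory name and the dropped file name.
    hits += [("install_artifact", a) for a in sorted(ind["install_artifact"]) if a in low]

    # Persistence: a Run-key write whose data points at the dropped Amadey binary.
    if "\\currentversion\\run\\" in low and AMADEY_INSTALL_FILE in low:
        hits.append(("run_key_persistence", AMADEY_INSTALL_FILE))
    return hits


def scan(lines, ind=None):
    """Return [(line_index, hits)] for every line with at least one hit."""
    ind = ind or build_indicators()
    out = []
    for i, line in enumerate(lines):
        hits = match_line(line, ind)
        if hits:
            out.append((i, hits))
    return out


# Constructed telemetry for the demo (Sysmon-style key=value lines plus one proxy
# line). The user name, file names and the Temp drop path are assumptions, not
# observations from the report.
SAMPLE_LOG = [
    r"EventID=1 Image=C:\Users\alice\Downloads\invoice.exe Hashes=SHA256=238f4644ee51e1b5452aa80a901eca5dbd075f57348f7eec0267d12bc9385630",
    r"EventID=3 Image=C:\Users\alice\Downloads\invoice.exe DestinationIp=77.91.124.55 DestinationPort=19071",
    r"EventID=11 Image=C:\Users\alice\Downloads\invoice.exe TargetFilename=C:\Users\alice\AppData\Local\Temp\fefffe8cea\explothe.exe",
    r"EventID=13 Image=C:\Users\alice\AppData\Local\Temp\fefffe8cea\explothe.exe TargetObject=HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\explothe Details=C:\Users\alice\AppData\Local\Temp\fefffe8cea\explothe.exe",
    r"EventID=3 Image=C:\Windows\System32\svchost.exe DestinationIp=10.0.0.5 DestinationPort=443",
    "PROXY src=10.0.0.23 method=GET url=http://77.91.124.1/theme/index.php status=200",
    r"EventID=3 Image=C:\Users\alice\Downloads\invoice.exe DestinationIp=77.91.68.78 DestinationPort=8080",
]

if __name__ == "__main__":
    for idx, hits in scan(SAMPLE_LOG):
        print(idx, hits)
```

The hash and file-name matches are exact-string, so they catch this sample and this build of Amadey only; the C2 host and Run-key checks are the ones that survive a repack, which is why the host-only fallback is worth keeping even though it produces more noise than the full socket match.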
MITRE ATT&CK Matrix (ATT&CK v13)

Persistence:
Create or Modify System Process (1): Windows Service (1)
Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
Scheduled Task/Job (1)