General
-
Target
A8A0F8C4DD8185883448DA9635D50AA0.exe
-
Size
1.7MB
-
Sample
231009-m1l3zsed63
-
MD5
a8a0f8c4dd8185883448da9635d50aa0
-
SHA1
f14ff1f212fa9d58ae1f65c8749b14c3c2a618bb
-
SHA256
753d16f4ea232a594788e94ed50cac8cf6ff1bde28fafaf97e65f243a37b7d5b
-
SHA512
b51907b9a0cd6dc4719b9368db1767e1d59cd93bac02cd169bc1b2c9ce434f3c663f7c0ecd1bd6e09922ddcc27158b489524474d872c67ce9d6e6edd36e9b751
-
SSDEEP
24576:Fy7gVq3vdHp+4yBfJ4jP9EWWHE0UQ3XeRxni3Rh1Keqeoo9S:gKqFJVimeZk0b3ddKrBo
Static task
static1
Behavioral task
behavioral1
Sample
A8A0F8C4DD8185883448DA9635D50AA0.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
A8A0F8C4DD8185883448DA9635D50AA0.exe
Resource
win10v2004-20230915-en
Malware Config
Extracted
redline
frant
77.91.124.55:19071
Extracted
smokeloader
2022
http://77.91.68.29/fks/
Targets
-
-
Target
A8A0F8C4DD8185883448DA9635D50AA0.exe
-
Size
1.7MB
-
MD5
a8a0f8c4dd8185883448da9635d50aa0
-
SHA1
f14ff1f212fa9d58ae1f65c8749b14c3c2a618bb
-
SHA256
753d16f4ea232a594788e94ed50cac8cf6ff1bde28fafaf97e65f243a37b7d5b
-
SHA512
b51907b9a0cd6dc4719b9368db1767e1d59cd93bac02cd169bc1b2c9ce434f3c663f7c0ecd1bd6e09922ddcc27158b489524474d872c67ce9d6e6edd36e9b751
-
SSDEEP
24576:Fy7gVq3vdHp+4yBfJ4jP9EWWHE0UQ3XeRxni3Rh1Keqeoo9S:gKqFJVimeZk0b3ddKrBo
-
Detect Mystic stealer payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process
1Windows Service
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1