General

  • Target: 1c629958e1c5d0ef1ba58f7e917271d33c0e5bd156802918200e57b64e2cdc09
  • Size: 928KB
  • Sample: 231010-1typ4afh65
  • MD5: 8a5caf15a8c70fce4cfb968409d66eba
  • SHA1: aeac8f699219fd85bd7a95929e42559604e6ddc1
  • SHA256: 1c629958e1c5d0ef1ba58f7e917271d33c0e5bd156802918200e57b64e2cdc09
  • SHA512: 821fc813fa7280be1d9c53ed486348207184212c22701974f6145d52f68f9df9d6afbd2911fb0f12302c380c2a4c9e6c96f18201aa6552a302eb79674c489f67
  • SSDEEP: 24576:9y4wAFsQ4we3rtLuy/03jhgTuGhq6SniF:Y4wkfKrtFmOTuGhqu

Malware Config

Extracted

  • Family: redline
  • Botnet: luska
  • C2: 77.91.124.55:19071
  • Attributes
    • auth_value: a6797888f51a88afbfd8854a79ac9357

Targets

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
