General
Target: 1a570f3f97bfd55b1ea3dc07be4ea5710bc4638367787fea00212c98f696834e
Size: 1.3MB
Sample: 231011-hqcdksac93
MD5: 4c21f4367e62e1990a1f1eb95884a821
SHA1: 314a3411dded5115c14a03a5097cefb2cd918566
SHA256: 3b8aab3e5e3ce48c83db881f033033b0bb7e07b1a9718a7f1aceb9cea419652d
SHA512: 1f45f7b2f678fa8ff002bd5db2e7dd73e2d1309712fe15ea53bf586cd0e4e0c4ee025141694ccb6a20316547b20dd93c226e6fa4d5f77699df805229ea422569
SSDEEP: 24576:WMySUkoZx8jLGW4FGnsjKDB8RL6i69dBBkVrRsk5xcr4vltYFFS7WYm:G2MQLGx8sjYBO6iQBBkkzFw7Wr
Static task: static1
Behavioral task: behavioral1
Sample: 1a570f3f97bfd55b1ea3dc07be4ea5710bc4638367787fea00212c98f696834e.exe
Resource: win7-20230831-en
Malware Config
Extracted (family: redline)
  Botnet: gruha
  C2: 77.91.124.55:19071
  auth_value: 2f4cf2e668a540e64775b27535cc6892
Extracted (family: amadey)
  Version: 3.89
  C2: http://77.91.68.52/mac/index.php
  install_dir: fefffe8cea
  install_file: explonde.exe
  strings_key: 916aae73606d7a9e02a1d3b47c199688
Targets
Target: 1a570f3f97bfd55b1ea3dc07be4ea5710bc4638367787fea00212c98f696834e
Size: 1.3MB
MD5: c41de7deb56e46c409525e1d8ab78139
SHA1: 6f28e9ad024298acc1b297fc98b672eadd179633
SHA256: 1a570f3f97bfd55b1ea3dc07be4ea5710bc4638367787fea00212c98f696834e
SHA512: 198052e058cecb296b2df7a50836f6332bcd4189e4a417c9a35411d994556cdde5fe9c626349ab7afeda80c16c4e9781394d0b0aa40afdc3048a1e76775b8593
SSDEEP: 24576:2yrkmZd8TfamFI61tT6j6DBQH1BoFu69/BBIL9RskZxxHY7I+vlbYF5gCeWa:F4o+f7KeWjoBSyEmBBIuUF+Ct
- Detect Mystic stealer payload
- Detects Healer an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence
- Create or Modify System Process (1)
  - Windows Service (1)
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)