General
-
Target
ce40d94599ac5d107c7307394926c3ba40229426b355943fc36b627f535d0612
-
Size
1.3MB
-
Sample
231011-hra7xaad88
-
MD5
f1eee77834578bcc3ae8f9cb57a7e236
-
SHA1
ec1108136546ba501050e03c17b88441041067d6
-
SHA256
c7755a90ebf60592a36a2bba2aca286d1df8c695e6d0ddfe217537c1b97e0e9e
-
SHA512
e6034b564377c34cacab073a5f19ced8b3551e24ca7d801292730842bb94658e0e0a29d2cf2e619c446016b0dbbcdc45e93f0475e45fb98968fd8f36336265f0
-
SSDEEP
24576:b9jpyzlhF9a8bCG0oqvDhEZP09yl30BhQq0SpneJH++c2tkz7255ITNFL:Jc3FkmFqbhEZPjEBhQFSpeJfG2T8NFL
Static task
static1
Behavioral task
behavioral1
Sample
ce40d94599ac5d107c7307394926c3ba40229426b355943fc36b627f535d0612.exe
Resource
win7-20230831-en
Malware Config
Extracted
redline
gruha
77.91.124.55:19071
-
auth_value
2f4cf2e668a540e64775b27535cc6892
Extracted
amadey
3.89
http://77.91.68.52/mac/index.php
http://77.91.68.78/help/index.php
-
install_dir
fefffe8cea
-
install_file
explonde.exe
-
strings_key
916aae73606d7a9e02a1d3b47c199688
Targets
-
-
Target
ce40d94599ac5d107c7307394926c3ba40229426b355943fc36b627f535d0612
-
Size
1.3MB
-
MD5
0a7ebf60fb5ff5461dfb3cd9db9ff0b7
-
SHA1
c4b558e18b9b3c22051020e67b5956bbea5dc63b
-
SHA256
ce40d94599ac5d107c7307394926c3ba40229426b355943fc36b627f535d0612
-
SHA512
bd4fa654caec95ab7b2a4cc107b7cf25ff07bed3ea9b136ffb85050c829f9bdc26a6f4cd95418ffa1889564ee6ee12ec63efbf3b996720438510f3915747c292
-
SSDEEP
24576:XyzlhzBVhabCQ0ySll5IvC9y12hEg0wpnmpCJHEecYtb3725JITNze:i3zBni9Sz5IvUhE7wpECJ/9ab8Nz
-
Detect Mystic stealer payload
-
Detects Healer an antivirus disabler dropper
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process
1Windows Service
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1