General
-
Target
949daf21eda6f1b54801319a3b3788bc.bin
-
Size
1.2MB
-
Sample
231011-jdvj3abh68
-
MD5
caa469d57ae368a8426d544b63630cf3
-
SHA1
67e93327629aa69595e437f723f28be7cf0b3669
-
SHA256
7ab1cb4a96c5574242beb2ad4484f7b8ae6a53d75767f490eda41813ba85038b
-
SHA512
0fafc47d1db8731fd7a1d04c99846b085483efcd0908a103eb35b931eec9fd11caef384500c548487107e36b077fc254da92c92548a55ff1e147e380e717ca91
-
SSDEEP
24576:GLktzArL2qKL3IkMCey+1jg3VZ9iFm1m8P8tmxFQbszTLgxPVj6UH4KPrtariY3n:GL062qM3IkMMug3ViFMmGhxFQbsP0xdC
Malware Config
Extracted
redline
darts
77.91.124.82:19071
-
auth_value
3c8818da7045365845f15ec0946ebf11
Extracted
redline
kendo
77.91.124.82:19071
-
auth_value
5a22a881561d49941415902859b51f14
Extracted
mystic
http://5.42.92.211/loghub/master
Targets
-
-
Target
94e6ed3afb6e6cd8310c82c09174889fdac0b2b938e86017ad2210bafffac200.exe
-
Size
1.3MB
-
MD5
949daf21eda6f1b54801319a3b3788bc
-
SHA1
c81320bfd645836c70d328ff859b8b80f204a79a
-
SHA256
94e6ed3afb6e6cd8310c82c09174889fdac0b2b938e86017ad2210bafffac200
-
SHA512
0148f1586fc787e4f76349fdffada0f48f346751a878bd26aa2a638fa4c709db95234cb2b39ae7c108564cc42bfabc1e54b41bfa8e482a7e3a9652635f676815
-
SSDEEP
24576:Yyf9Xrc6Yl0Ajrh8W+G/bizQ4RUVhER0hsoX2zx2SctkdirIlyCl6R6x:ffhmdjVdFD+gER0bXgxlcGdiZCl6
Score10/10-
Detect Mystic stealer payload
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
Mystic
Mystic is an infostealer written in C++.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1