General
-
Target
7d69de281f673e24c3577742cd22fbce.bin
-
Size
1.0MB
-
Sample
231011-jdylqabh77
-
MD5
111f4b0c6433c17206869b88b5c590bb
-
SHA1
a5914ce6b8e1d91df869f2210b59755889bf2185
-
SHA256
ce6c745e21f3d00d7b0ded93e4ceed055e2e773757263fa1249f802297243c68
-
SHA512
2d242a2a7bde0da0946102c0ff66bc2aa2a2107f06dc7f8079689a8691d61356f92a7fed919d0c2e1448140be13a117a165b9fda92fbc241ce127edffa94aafa
-
SSDEEP
24576:ETCpWWdCR5G7qbKRnCB8T3WahkBpcEmFgADmbHrXtb:ETKNCrG/NCeT36BpfQi7rXB
Static task
static1
Behavioral task
behavioral1
Sample
f1c959df7dd61d396faee6edf36d31f1616db1fe55520b51c71510f5fb664e56.exe
Resource
win7-20230831-en
Malware Config
Extracted
redline
gruha
77.91.124.55:19071
-
auth_value
2f4cf2e668a540e64775b27535cc6892
Extracted
amadey
3.89
http://77.91.68.52/mac/index.php
http://77.91.68.78/help/index.php
-
install_dir
fefffe8cea
-
install_file
explonde.exe
-
strings_key
916aae73606d7a9e02a1d3b47c199688
Targets
-
-
Target
f1c959df7dd61d396faee6edf36d31f1616db1fe55520b51c71510f5fb664e56.exe
-
Size
1.0MB
-
MD5
7d69de281f673e24c3577742cd22fbce
-
SHA1
786dff0bedd5328c81029ff8dc18fb02a735a9c3
-
SHA256
f1c959df7dd61d396faee6edf36d31f1616db1fe55520b51c71510f5fb664e56
-
SHA512
47ccfa0cd0566681b5f7f01c9f164f4a2efb6d93ec44fc3abb3d08effdd5b5b242d7acb91c4fbbffa31cd98c86c0a47d3724741ce5bc59740cd5746a21f5f4d8
-
SSDEEP
24576:uyN1O1iVtHuLP8TeiADSqtPjMHnnkbxu:90YtTelDSAbx
-
Detect Mystic stealer payload
-
Detects Healer an antivirus disabler dropper
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process
1Windows Service
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Scheduled Task/Job
1