Overview

overview

10

Static

static

3

1a5c04bc11...51.exe

windows7-x64

10

1a5c04bc11...51.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1a5c04bc113dc9fb566b9155ecf3f3b516af918fa84de5b5209bbc065f06ca51

  • Size

    863KB

  • Sample

    231011-lwjavshb72

  • MD5

    f34c78c742a606c0e328404803759b1d

  • SHA1

    2d2b6b479faa685c7a9d8bbf8b855671eea4e666

  • SHA256

    56143b85bea040f78cd09837f39a8962e68625c2f02bca422a2b00fd23a87b38

  • SHA512

    65154ffa425925e33ec09b189af3b74d0230bcec717bc012f88e8143338701200d58b2f132e830027b5c6b8af67032d3df94f42c9a8211680030e6c79a4914fc

  • SSDEEP

    24576:2yyNExHhDpKsgiMzhiIwyVyEmMBIome7QTo5ol:FyWxHhGiWhi8Fmo7Al

Score
10/10
mysticredlineluateinfostealerpersistencestealer

Malware Config

Extracted

Family

redline

Botnet

luate

C2

77.91.124.55:19071

Attributes
  • auth_value

    e45cd419aba6c9d372088ffe5629308b

Targets

    • Target

      1a5c04bc113dc9fb566b9155ecf3f3b516af918fa84de5b5209bbc065f06ca51

    • Size

      906KB

    • MD5

      455be1685332e8e2aa8d42828e658bfa

    • SHA1

      869c522aab3fde3a4f3f30547f1f4d1b8a55aec8

    • SHA256

      1a5c04bc113dc9fb566b9155ecf3f3b516af918fa84de5b5209bbc065f06ca51

    • SHA512

      55a6cdcfd2472382936de6ec08eb16ba3226dbb5f7af4a4be803950e9ac659bc044f9404078e5b83196d301886052dfcc94d538036cc32d7565a8b3a19a1a260

    • SSDEEP

      24576:uy7cVEfhhJpIsg6MnhcmwCVKE8MBCom8VtuN/P:97cOfhhm6YhcCt8KV

    Score
    10/10
    mysticpersistencestealerredlineluateinfostealer

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

      stealermystic

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks