Overview

overview

10

Static

static

3

1ac99ba56d...c6.exe

windows7-x64

10

1ac99ba56d...c6.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    1ac99ba56d5fd0598449c266a89abdc6.exe

  • Size

    942KB

  • Sample

    231011-paay5sga57

  • MD5

    1ac99ba56d5fd0598449c266a89abdc6

  • SHA1

    5ec0706a25695446ec14c909d3d71e0b0b8ab5a5

  • SHA256

    dc9042b69ab00a51de2ad8c298066a59c945bafe7df14db959a7a1ead1b7cdd6

  • SHA512

    1bba277e3b0a452ab391644ebdf5e154aab513f1732b31dadc1ed48d31a9527f2778cdc28ddd7677f67dbf8e328af205f2a17fd788d3c9e7ea6e2fbd18617a8a

  • SSDEEP

    24576:GyjszW7jNC4VBryxeArJhOwLBhtSSzVM534GheE35Ni:VZNUrzOwVhNzVZGhl

Score
10/10
mysticredlineluateinfostealerpersistencestealer

Malware Config

Extracted

Family

redline

Botnet

luate

C2

77.91.124.55:19071

Attributes
  • auth_value

    e45cd419aba6c9d372088ffe5629308b

Targets

    • Target

      1ac99ba56d5fd0598449c266a89abdc6.exe

    • Size

      942KB

    • MD5

      1ac99ba56d5fd0598449c266a89abdc6

    • SHA1

      5ec0706a25695446ec14c909d3d71e0b0b8ab5a5

    • SHA256

      dc9042b69ab00a51de2ad8c298066a59c945bafe7df14db959a7a1ead1b7cdd6

    • SHA512

      1bba277e3b0a452ab391644ebdf5e154aab513f1732b31dadc1ed48d31a9527f2778cdc28ddd7677f67dbf8e328af205f2a17fd788d3c9e7ea6e2fbd18617a8a

    • SSDEEP

      24576:GyjszW7jNC4VBryxeArJhOwLBhtSSzVM534GheE35Ni:VZNUrzOwVhNzVZGhl

    Score
    10/10
    mysticpersistencestealerredlineluateinfostealer

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

      stealermystic

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks