General
Target: dc59454bb076a3e6100243b8348fc935.exe
Size: 1.1MB
Sample: 231011-pk96zshc26
MD5: dc59454bb076a3e6100243b8348fc935
SHA1: 4c625924d0e2e1466a9915d8746c554da2ac4407
SHA256: 2dd2b50c166be25074707602e6076baf2b200e718849b2aca595ad72da802b39
SHA512: c24188ae1f7e9ad6898a9df3c5e0fca12a139af808c79dc7ae8f07a722883e08356ecdc18e27ad6d21b1dc640a6b2d2259fd69d7739d821aa113a419a952eee0
SSDEEP: 24576:uyLYVqHXSozqg8a76Z0BcWqOl4fe2IZbvsiu/:9LYVqHiouLE6Yvz4mBl
Static task: static1
Behavioral task: behavioral1
Sample: dc59454bb076a3e6100243b8348fc935.exe
Resource: win7-20230831-en
Behavioral task: behavioral2
Sample: dc59454bb076a3e6100243b8348fc935.exe
Resource: win10v2004-20230915-en
Malware Config
Extracted: redline
gruha
77.91.124.55:19071
auth_value: 2f4cf2e668a540e64775b27535cc6892
Targets
Target: dc59454bb076a3e6100243b8348fc935.exe
Size: 1.1MB (MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above)
- Detect Mystic stealer payload
- Detects Healer an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence:
- Create or Modify System Process (1): Windows Service (1)
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)