General
Target: 775776201e20d90baeadd21102f4979b564d1df5f501d21c53ab0eb8db9a3512
Size: 1.3MB
Sample: 231011-rj33dsec47
MD5: c84f1acb197203afcfeac4f3e5c68f04
SHA1: 715d2587f0238647b23ccc0679a6e09480c49b65
SHA256: 775776201e20d90baeadd21102f4979b564d1df5f501d21c53ab0eb8db9a3512
SHA512: 7ba17a99b7ec0292ef12b950e13d0d9a5ff69114b89676ea635b425aceb454d8090b5b85f4c1b1c1e930a7b4440bd8d542fc7b0b7e67dce0779f25e183ad6b92
SSDEEP: 24576:kyyr2x3wu+X2BNLgMAaIAen1ZQD9zgCyh8oOKDrh+YArlLakulO0:zyr2x3wVms3aBenMRzt+l+/Ylg
Static task: static1
Behavioral task: behavioral1
Sample: 775776201e20d90baeadd21102f4979b564d1df5f501d21c53ab0eb8db9a3512.exe
Resource: win7-20230831-en
Malware Config
Extracted: redline
  Botnet: darts
  C2: 77.91.124.82:19071
  auth_value: 3c8818da7045365845f15ec0946ebf11
Extracted: redline
  Botnet: kendo
  C2: 77.91.124.82:19071
  auth_value: 5a22a881561d49941415902859b51f14
Extracted: mystic
  C2: http://5.42.92.211/loghub/master
Targets
Target: 775776201e20d90baeadd21102f4979b564d1df5f501d21c53ab0eb8db9a3512
Size: 1.3MB
MD5: c84f1acb197203afcfeac4f3e5c68f04
SHA1: 715d2587f0238647b23ccc0679a6e09480c49b65
SHA256: 775776201e20d90baeadd21102f4979b564d1df5f501d21c53ab0eb8db9a3512
SHA512: 7ba17a99b7ec0292ef12b950e13d0d9a5ff69114b89676ea635b425aceb454d8090b5b85f4c1b1c1e930a7b4440bd8d542fc7b0b7e67dce0779f25e183ad6b92
SSDEEP: 24576:kyyr2x3wu+X2BNLgMAaIAen1ZQD9zgCyh8oOKDrh+YArlLakulO0:zyr2x3wVms3aBenMRzt+l+/Ylg
Signatures
- Detect Mystic stealer payload
- Detects Healer, an antivirus disabler dropper
- RedLine (RedLine Stealer is a malware family written in C#, first appearing in early 2020.)
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)