Overview

overview

10

Static

static

3

27319f213b...1b.exe

windows7-x64

10

27319f213b...1b.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    27319f213bcd97775862f7d2b1b8cf0aacd10b63f658ae3073123af375743a1b

  • Size

    1.3MB

  • Sample

    231011-rjm16scd6s

  • MD5

    556ca29c7ae44545dfe2fe704ab21ea5

  • SHA1

    343211ed26e9e22fe3e1cccbedbedba66f9d1713

  • SHA256

    27319f213bcd97775862f7d2b1b8cf0aacd10b63f658ae3073123af375743a1b

  • SHA512

    78400d59a7346c01cc806c957f11f89b9223a3d042cfff6716e2bf742745d216405a9dc5dafa0ebfedf47d36715952f347837531ff7ef9a774f796dc3fce5c06

  • SSDEEP

    24576:syFBytZvPnZdOH5RhZd1KSlpmldRk0RTyzdbFV23tk8hlQ+Qrpzip6V:bFQtJPnORVplpoRkKy5INX+NuU

Score
10/10
healermysticredlinedartskendodropperevasioninfostealerpersistencestealertrojan

Malware Config

Extracted

Family

redline

Botnet

darts

C2

77.91.124.82:19071

Attributes
  • auth_value

    3c8818da7045365845f15ec0946ebf11

Extracted

Family

redline

Botnet

kendo

C2

77.91.124.82:19071

Attributes
  • auth_value

    5a22a881561d49941415902859b51f14

Extracted

Family

mystic

C2

http://5.42.92.211/loghub/master

Targets

    • Target

      27319f213bcd97775862f7d2b1b8cf0aacd10b63f658ae3073123af375743a1b

    • Size

      1.3MB

    • MD5

      556ca29c7ae44545dfe2fe704ab21ea5

    • SHA1

      343211ed26e9e22fe3e1cccbedbedba66f9d1713

    • SHA256

      27319f213bcd97775862f7d2b1b8cf0aacd10b63f658ae3073123af375743a1b

    • SHA512

      78400d59a7346c01cc806c957f11f89b9223a3d042cfff6716e2bf742745d216405a9dc5dafa0ebfedf47d36715952f347837531ff7ef9a774f796dc3fce5c06

    • SSDEEP

      24576:syFBytZvPnZdOH5RhZd1KSlpmldRk0RTyzdbFV23tk8hlQ+Qrpzip6V:bFQtJPnORVplpoRkKy5INX+NuU

    Score
    10/10
    healerdropperevasionpersistencetrojanmysticredlinedartskendoinfostealerstealer

    • Detect Mystic stealer payload

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

      dropperhealer

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • Mystic

      Mystic is an infostealer written in C++.

      stealermystic

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks