Overview

overview

10

Static

static

3

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    file.exe

  • Size

    1.3MB

  • Sample

    231011-rmm6caee59

  • MD5

    b3fd53ec3775139dab7018f791016a68

  • SHA1

    e99c7b0370dc5243b0c347e32ca5da0ef294f025

  • SHA256

    eef26490e77fe02338150f05b2134d053736d33b448d2e5309778921cd7cf610

  • SHA512

    f88c225cf92977d3642c15a2ec2707ec2ac1636471fb11f7b851b0c3f158ffda4c15ab8f86de0f7574c3b3bd4b1f2dd03ace2fccb0e412c1b79da582ab38bf71

  • SSDEEP

    24576:DytsGcZHGzKOeafaDOQpJ9RS98SMH3pRaXSpw+41kIHnFJUgJsio/5f:WtsVxGzENOQTS9MHZRaXS2nnUgJPo/5

Score
10/10
healermysticredlinedartskendodropperevasioninfostealerpersistencestealertrojan

Malware Config

Extracted

Family

redline

Botnet

darts

C2

77.91.124.82:19071

Attributes
  • auth_value

    3c8818da7045365845f15ec0946ebf11

Extracted

Family

redline

Botnet

kendo

C2

77.91.124.82:19071

Attributes
  • auth_value

    5a22a881561d49941415902859b51f14

Extracted

Family

mystic

C2

http://5.42.92.211/loghub/master

Targets

    • Target

      file.exe

    • Size

      1.3MB

    • MD5

      b3fd53ec3775139dab7018f791016a68

    • SHA1

      e99c7b0370dc5243b0c347e32ca5da0ef294f025

    • SHA256

      eef26490e77fe02338150f05b2134d053736d33b448d2e5309778921cd7cf610

    • SHA512

      f88c225cf92977d3642c15a2ec2707ec2ac1636471fb11f7b851b0c3f158ffda4c15ab8f86de0f7574c3b3bd4b1f2dd03ace2fccb0e412c1b79da582ab38bf71

    • SSDEEP

      24576:DytsGcZHGzKOeafaDOQpJ9RS98SMH3pRaXSpw+41kIHnFJUgJsio/5f:WtsVxGzENOQTS9MHZRaXS2nnUgJPo/5

    Score
    10/10
    healerdropperevasionpersistencetrojanmysticredlinedartskendoinfostealerstealer

    • Detect Mystic stealer payload

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

      dropperhealer

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • Mystic

      Mystic is an infostealer written in C++.

      stealermystic

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks