Overview

overview

10

Static

static

3

2ecb39f792...5b.exe

windows7-x64

10

2ecb39f792...5b.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2ecb39f7924c73626b533601015860660e7908da9f2cbd40a61292c83bfa515b

  • Size

    1.2MB

  • Sample

    231011-swbpcafg2w

  • MD5

    bb18481b5ab274209279b66177f4ac87

  • SHA1

    81e37a7b6a73fb9156f8bf6af69f5db49d433d5d

  • SHA256

    2ecb39f7924c73626b533601015860660e7908da9f2cbd40a61292c83bfa515b

  • SHA512

    f5f13ae379fa2e83eae4fdb6cf346c576f12883a4aff9790c1971579245cd9ffce7ac374f82cb6a999729800b7cdebabe951b9c1a34bcd1f6fbeed4f4d0ed370

  • SSDEEP

    24576:IyEFn8VoBPJCgEhfql6eq/hq7M7Y2s+ZgoAHLasXhcaE:PEFlV8Pf5b/hq47YEZgvHLaYh

Score
10/10
healermysticredlinedartskendodropperevasioninfostealerpersistencestealertrojan

Malware Config

Extracted

Family

redline

Botnet

darts

C2

77.91.124.82:19071

Attributes
  • auth_value

    3c8818da7045365845f15ec0946ebf11

Extracted

Family

redline

Botnet

kendo

C2

77.91.124.82:19071

Attributes
  • auth_value

    5a22a881561d49941415902859b51f14

Extracted

Family

mystic

C2

http://5.42.92.211/loghub/master

Targets

    • Target

      2ecb39f7924c73626b533601015860660e7908da9f2cbd40a61292c83bfa515b

    • Size

      1.2MB

    • MD5

      bb18481b5ab274209279b66177f4ac87

    • SHA1

      81e37a7b6a73fb9156f8bf6af69f5db49d433d5d

    • SHA256

      2ecb39f7924c73626b533601015860660e7908da9f2cbd40a61292c83bfa515b

    • SHA512

      f5f13ae379fa2e83eae4fdb6cf346c576f12883a4aff9790c1971579245cd9ffce7ac374f82cb6a999729800b7cdebabe951b9c1a34bcd1f6fbeed4f4d0ed370

    • SSDEEP

      24576:IyEFn8VoBPJCgEhfql6eq/hq7M7Y2s+ZgoAHLasXhcaE:PEFlV8Pf5b/hq47YEZgvHLaYh

    Score
    10/10
    healerdropperevasionpersistencetrojanmysticredlinedartskendoinfostealerstealer

    • Detect Mystic stealer payload

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

      dropperhealer

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • Mystic

      Mystic is an infostealer written in C++.

      stealermystic

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks