General

  • Target

    6d6495d193ab5a17f51122e70544f63a6d3099693177880fa2a49067bcc30808

  • Size

    1.3MB

  • Sample

    231011-sz3x1agb6w

  • MD5

    811993a1ba850a32a77c03e58e936e87

  • SHA1

    8e835db7f40f27e7d7a77f20aeea901e6790bea0

  • SHA256

    6d6495d193ab5a17f51122e70544f63a6d3099693177880fa2a49067bcc30808

  • SHA512

    8af26784d41e08fa793706bf2a305cfefdb1d22758423afab0f0f50247410aa63a94a1de4f5fac5269ea0b613fb5dddf167073b5fa29691c65c24ad4eaebfa17

  • SSDEEP

    24576:+ypxZzyxItnw55ufEGSEK0i08htkUle2M7FI:NpzGSA1dt0QNe2M5

Malware Config

Extracted

Family

redline

Botnet

darts

C2

77.91.124.82:19071

Attributes
  • auth_value

    3c8818da7045365845f15ec0946ebf11

Extracted

Family

redline

Botnet

kendo

C2

77.91.124.82:19071

Attributes
  • auth_value

    5a22a881561d49941415902859b51f14

Extracted

Family

mystic

C2

http://5.42.92.211/loghub/master

Targets

    • Target

      6d6495d193ab5a17f51122e70544f63a6d3099693177880fa2a49067bcc30808

    • Size

      1.3MB

    • MD5

      811993a1ba850a32a77c03e58e936e87

    • SHA1

      8e835db7f40f27e7d7a77f20aeea901e6790bea0

    • SHA256

      6d6495d193ab5a17f51122e70544f63a6d3099693177880fa2a49067bcc30808

    • SHA512

      8af26784d41e08fa793706bf2a305cfefdb1d22758423afab0f0f50247410aa63a94a1de4f5fac5269ea0b613fb5dddf167073b5fa29691c65c24ad4eaebfa17

    • SSDEEP

      24576:+ypxZzyxItnw55ufEGSEK0i08htkUle2M7FI:NpzGSA1dt0QNe2M5

    • Detect Mystic stealer payload

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • Mystic

      Mystic is an infostealer written in C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks