General
-
Target
9b2086a3c2f6b76986bd2adfcbb55f88eb1b585d2a86ea6307feda72b7c0f926_JC.exe
-
Size
1.8MB
-
Sample
231012-trwdmaah5w
-
MD5
5a846e585b408a600e69ade8bf12199b
-
SHA1
af419d0af685e957b2bc183de22bc65229976cb4
-
SHA256
9b2086a3c2f6b76986bd2adfcbb55f88eb1b585d2a86ea6307feda72b7c0f926
-
SHA512
c7c90b7d426069d469ec91460321e31a9fdc204e7da53b62adcd41134183298473d2a53c00d1bfbe045517c66a8313c4225b21f514aacbd90d68b05fc4901953
-
SSDEEP
49152:P5i1cDO4G1Hir2AfpgsXt+YVClSlfRUOD:DDOhNUXd9w8lfyOD
Static task
static1
Behavioral task
behavioral1
Sample
9b2086a3c2f6b76986bd2adfcbb55f88eb1b585d2a86ea6307feda72b7c0f926_JC.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
9b2086a3c2f6b76986bd2adfcbb55f88eb1b585d2a86ea6307feda72b7c0f926_JC.exe
Resource
win10v2004-20230915-en
Malware Config
Extracted
redline
frant
77.91.124.55:19071
Extracted
smokeloader
2022
http://77.91.68.29/fks/
Targets
-
-
Target
9b2086a3c2f6b76986bd2adfcbb55f88eb1b585d2a86ea6307feda72b7c0f926_JC.exe
-
Size
1.8MB
-
MD5
5a846e585b408a600e69ade8bf12199b
-
SHA1
af419d0af685e957b2bc183de22bc65229976cb4
-
SHA256
9b2086a3c2f6b76986bd2adfcbb55f88eb1b585d2a86ea6307feda72b7c0f926
-
SHA512
c7c90b7d426069d469ec91460321e31a9fdc204e7da53b62adcd41134183298473d2a53c00d1bfbe045517c66a8313c4225b21f514aacbd90d68b05fc4901953
-
SSDEEP
49152:P5i1cDO4G1Hir2AfpgsXt+YVClSlfRUOD:DDOhNUXd9w8lfyOD
-
Detect Mystic stealer payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Create or Modify System Process
1Windows Service
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Privilege Escalation
Create or Modify System Process
1Windows Service
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1