General

  • Target: 91c9ea17b096c3b5b012690d69e2f8d6.bin
  • Size: 607KB
  • Sample: 231013-2hqqsafd64
  • MD5: 3474a498ac9dc86bc8e70666c1372ded
  • SHA1: 1798301bdeeb9e41694abbcc833cb58a2622fe1f
  • SHA256: b0bcee0dad0376bfcfa3b0f6fa3ccd6eb6fc2b52323280c463b7e53a3339585e
  • SHA512: 9d5a7bee48d9955df06be7bf97144aec68b4da025118caa7b78e2b638a3f69e316e41b338ac2b9a0da64427cb0e9a8b26c0153fff5ed7a9cfeb58ee0d593debd
  • SSDEEP: 12288:3jdU8oEbKRs45Iy+17L3ARILnydKmt8xFmNAO8Cgf892Tm9rep:zdUXEbKRs4Gr7LwMydKmD24lQ

Malware Config

Extracted

  • Family: redline
  • Botnet: moner
  • C2: 77.91.124.82:19071
  • Attributes
      • auth_value: a94cd9e01643e1945b296c28a2f28707

Targets

    • Target: 665a25fe81677103220663a397237e33d3cf2835a4f2376447486c4e09189fc0.bin
    • Size: 742KB
    • MD5: 91c9ea17b096c3b5b012690d69e2f8d6
    • SHA1: bde6d582771ba0065e6599239243cf86e0d2fe50
    • SHA256: 665a25fe81677103220663a397237e33d3cf2835a4f2376447486c4e09189fc0
    • SHA512: 257534852cff565e3da87df8f785f659c5eccf4bdb5107521e80b72f2c62932c76533f57a08f259989f21581694086d89d710a0f36d36dd9ff42a002e36d79cf
    • SSDEEP: 12288:eN//yfYb5BIQZVth9bNgLmajQ/gsuhqt+GTDXWc1vqJ8HwcThN/n0Y9:uiuBtZvb2LR0/gO7LH1veATHj

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks