Overview

overview

10

Static

static

3

2996b6895e...90.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2996b6895e119d13f7079b35c759a990.exe

  • Size

    821KB

  • Sample

    231206-y3yqcahf5t

  • MD5

    2996b6895e119d13f7079b35c759a990

  • SHA1

    eda336009605751902a38c71e485179b042152de

  • SHA256

    fe53a1276442987882b39d6347dc0d3d587c14d6733ebd2891556f56ba041997

  • SHA512

    57f92e54626729b0aa6aaedde3ab325447084906c010e435be9c79f8703d72c822dda36fcf3285cf9c85c643800f4ada84ca62216b68e65578f027e3217f2afa

  • SSDEEP

    12288:VMrLy90c2w6HVVGLqW6dmBosMy8NZrr2V2xplNGty0miRWBXb1NGqNZz:Cy/2wujaSeSEYlz0zRu5z

Score
10/10
mysticredlinegigantinfostealerpersistencestealer

Malware Config

Extracted

Family

redline

Botnet

gigant

C2

77.91.124.55:19071

Targets

    • Target

      2996b6895e119d13f7079b35c759a990.exe

    • Size

      821KB

    • MD5

      2996b6895e119d13f7079b35c759a990

    • SHA1

      eda336009605751902a38c71e485179b042152de

    • SHA256

      fe53a1276442987882b39d6347dc0d3d587c14d6733ebd2891556f56ba041997

    • SHA512

      57f92e54626729b0aa6aaedde3ab325447084906c010e435be9c79f8703d72c822dda36fcf3285cf9c85c643800f4ada84ca62216b68e65578f027e3217f2afa

    • SSDEEP

      12288:VMrLy90c2w6HVVGLqW6dmBosMy8NZrr2V2xplNGty0miRWBXb1NGqNZz:Cy/2wujaSeSEYlz0zRu5z

    Score
    10/10
    mysticredlinegigantinfostealerpersistencestealer

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

      stealermystic

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Executes dropped EXE

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks