General
-
Target
WEXTRACT.EXE
-
Size
497KB
-
Sample
231231-fbpdgsgad7
-
MD5
b86c688c83ea1a7fd4f3c0030ea16dd0
-
SHA1
f3f0c529bff95b9d8eab4b3b34255d056cac6952
-
SHA256
bdc94c688a45edd35d57b114679ba844194daf1026f3abf5b8f1223c8d6ff47c
-
SHA512
a140ce40462f355d721543e02a44cc759c9ae095b6b2f002046633dfa9fdeb48373d0cf945049379f5bcfe3df5ae04e2acd1ed36d68f6a28db3c66713fe79a30
-
SSDEEP
12288:3MrZy90oLn5mW+xggEhkbXsbF8QqVUbx3KE:+yL5mRxgGzKynVex3B
Static task
static1
Behavioral task
behavioral1
Sample
WEXTRACT.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
WEXTRACT.exe
Resource
win10v2004-20231215-en
Malware Config
Extracted
redline
stas
77.91.124.82:19071
-
auth_value
db6d96c4eade05afc28c31d9ad73a73c
Targets
-
-
Target
WEXTRACT.EXE
-
Size
497KB
-
MD5
b86c688c83ea1a7fd4f3c0030ea16dd0
-
SHA1
f3f0c529bff95b9d8eab4b3b34255d056cac6952
-
SHA256
bdc94c688a45edd35d57b114679ba844194daf1026f3abf5b8f1223c8d6ff47c
-
SHA512
a140ce40462f355d721543e02a44cc759c9ae095b6b2f002046633dfa9fdeb48373d0cf945049379f5bcfe3df5ae04e2acd1ed36d68f6a28db3c66713fe79a30
-
SSDEEP
12288:3MrZy90oLn5mW+xggEhkbXsbF8QqVUbx3KE:+yL5mRxgGzKynVex3B
-
Detect Mystic stealer payload
-
Detects Healer an antivirus disabler dropper
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1