General

  • Target

    WEXTRACT.EXE

  • Size

    497KB

  • Sample

    231231-fbpdgsgad7

  • MD5

    b86c688c83ea1a7fd4f3c0030ea16dd0

  • SHA1

    f3f0c529bff95b9d8eab4b3b34255d056cac6952

  • SHA256

    bdc94c688a45edd35d57b114679ba844194daf1026f3abf5b8f1223c8d6ff47c

  • SHA512

    a140ce40462f355d721543e02a44cc759c9ae095b6b2f002046633dfa9fdeb48373d0cf945049379f5bcfe3df5ae04e2acd1ed36d68f6a28db3c66713fe79a30

  • SSDEEP

    12288:3MrZy90oLn5mW+xggEhkbXsbF8QqVUbx3KE:+yL5mRxgGzKynVex3B

Malware Config

Extracted

Family

redline

Botnet

stas

C2

77.91.124.82:19071

Attributes
  • auth_value

    db6d96c4eade05afc28c31d9ad73a73c

Targets

    • Target

      WEXTRACT.EXE

    • Size

      497KB

    • MD5

      b86c688c83ea1a7fd4f3c0030ea16dd0

    • SHA1

      f3f0c529bff95b9d8eab4b3b34255d056cac6952

    • SHA256

      bdc94c688a45edd35d57b114679ba844194daf1026f3abf5b8f1223c8d6ff47c

    • SHA512

      a140ce40462f355d721543e02a44cc759c9ae095b6b2f002046633dfa9fdeb48373d0cf945049379f5bcfe3df5ae04e2acd1ed36d68f6a28db3c66713fe79a30

    • SSDEEP

      12288:3MrZy90oLn5mW+xggEhkbXsbF8QqVUbx3KE:+yL5mRxgGzKynVex3B

    • Detect Mystic stealer payload

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

    • Modifies Windows Defender Real-time Protection settings

    • Mystic

      Mystic is an infostealer written in C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Windows security modification

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks