General
- Target: r.zip
- Size: 13.6MB
- Sample: 240522-xe6wdacf54
- MD5: 1cb3243679c7fcc6547d31e58c0da5c1
- SHA1: 97a2fbb77a46a63d238cc017c25c41a39c8dedc3
- SHA256: 692e82b585be9ac7cc8c88f2eeb475fcf42fed96a7b5572934f45018a5f7f2d1
- SHA512: 1915df86a46396b5d93cd42fe5c2af09b3c1cf79282b1b7f7a3d50cf4cf2b55b274d55b2b50512c3317a50a5157afef047b8114ba92fcf205dfa460a883522bc
- SSDEEP: 393216:/OMQBSD+4uxkFBZ7ahGZ/WHoFZdJlS07+oAVmbcm8bEXReHeq3U0+cS:/OMQBBgVahGQiJlJ8QMXRw

Static task: static1

Behavioral task: behavioral1
- Sample: 0805913f5039b1097cf6d0b178560036e0b99e52f86b3990bf7bd4b663d15513.exe
- Resource: win10v2004-20240508-en

Behavioral task: behavioral2
- Sample: 11eba512939d3d17bcd0d5543f3a05dac69c96858fbb7120b8802814391c413a.exe
- Resource: win10v2004-20240508-en

Behavioral task: behavioral3
- Sample: 17a0568b2023370d14f35371e9d7c372589b91d4098eecace76d78c9a7587d3a.exe
- Resource: win10v2004-20240426-en

Behavioral task: behavioral4
- Sample: 346c46bc8283ae44fe76d91bebdf5c933515cb6b55b0e4f1dd25ca7a64a0a726.exe
- Resource: win10v2004-20240508-en

Behavioral task: behavioral5
- Sample: 4867af9d5dda04a5ea012b876f663ee94f708e52fd230c829517d4b2b83e9d1f.exe
- Resource: win10v2004-20240426-en

Behavioral task: behavioral6
- Sample: 5f2f269e1f9905fb92ad987badd2a5b73d7a44e072d374b4e040c95e30b5c69a.exe
- Resource: win10v2004-20240508-en

Behavioral task: behavioral7
- Sample: 64e73ef21d2b9d5819334be729f07ac670e6fa83111bc1b666abffc261bc2da1.exe
- Resource: win10v2004-20240508-en

Behavioral task: behavioral8
- Sample: 7c556f6f80bf250c2ce70d007250b6906c79d457969a75a3f17dc9885daf8761.exe
- Resource: win10v2004-20240426-en

Behavioral task: behavioral9
- Sample: 8c970cc94c6aab0b503af6d60e60f5c6c870576c82be9233ab884894899a97d3.exe
- Resource: win10v2004-20240508-en

Behavioral task: behavioral10
- Sample: 9296923f571779b37e571b296a597c9c5eb71a0a616bfd3ddab9f7d20c509c24.exe
- Resource: win10v2004-20240226-en

Behavioral task: behavioral11
- Sample: ae96a881fddd0471c5a462a0b27848d72c34ba866c6061e0f84ab3a1097a7a69.exe
- Resource: win10v2004-20240508-en

Behavioral task: behavioral12
- Sample: b150b2b6edd507299c5ac9c6a165df425596a5b2a6f78c7ee7594e3f19a28fd5.exe
- Resource: win10v2004-20240426-en

Behavioral task: behavioral13
- Sample: c1b0ce286b7a31d1ab1a8fca661afccb95aaaf56a8fa6b4a311da0a284b09351.exe
- Resource: win10v2004-20240508-en

Behavioral task: behavioral14
- Sample: c1d1b117a294542d27caa4ebc382b5fc76b02e11a9e65fa6db0a33433cb6e435.exe
- Resource: win10v2004-20240426-en

Behavioral task: behavioral15
- Sample: d876400b35d912e211572e1acd02738c757f24f8adf82ea7ac3ce91f74c8e404.exe
- Resource: win10v2004-20240426-en

Behavioral task: behavioral16
- Sample: eb3bd6af828d49516b571018684b6f164a7f79bb71c38674e37a085ab5813352.exe
- Resource: win10v2004-20240508-en

Behavioral task: behavioral17
- Sample: eb7c2e9dc2416d5168ea11cdee85ea662e4aa32921edbe521787e1a7dcc79228.exe
- Resource: win10v2004-20240508-en

Behavioral task: behavioral18
- Sample: ed2eb0d5dcf8c04d4b8381812154164abb842db1d4f3059e6d7d12293004ffbf.exe
- Resource: win10v2004-20240426-en

Behavioral task: behavioral19
- Sample: fc2a3968133c3c96ae55dfdd56ca5b4dd51ed30658a98d55193b96e1533f4013.exe
- Resource: win10v2004-20240508-en

Behavioral task: behavioral20
- Sample: fd4ce916b77ccd6023667af48e2052df3bebb66cde59b34f1002b2799e6a4890.exe
- Resource: win10v2004-20240508-en

Malware Config

Extracted: redline, kinza, 77.91.124.86:19084

Extracted: redline, mrak, 77.91.124.82:19071
- auth_value: 7d9a335ab5dfd42d374867c96fe25302

Extracted: amadey, 3.87, 59b440, http://77.91.68.18
- install_dir: b40d11255d
- install_file: saves.exe
- strings_key: fa622dfc42544927a6471829ee1fa9fe
- url_paths: /nice/index.php

Extracted: amadey, 3.89, fb0fb8, http://77.91.68.52
- install_dir: fefffe8cea
- install_file: explonde.exe
- strings_key: 916aae73606d7a9e02a1d3b47c199688
- url_paths: /mac/index.php

Extracted: redline, kendo, 77.91.124.82:19071
- auth_value: 5a22a881561d49941415902859b51f14

Extracted: redline, gruha, 77.91.124.55:19071
- auth_value: 2f4cf2e668a540e64775b27535cc6892

Extracted: redline, luate, 77.91.124.55:19071
- auth_value: e45cd419aba6c9d372088ffe5629308b

Targets

Target: 0805913f5039b1097cf6d0b178560036e0b99e52f86b3990bf7bd4b663d15513
- Size: 1.5MB
- MD5: 99fbd30f8f297404375178545e9a5671
- SHA1: eb2faa70c32320bdfd5bab75e879a2883bef1f59
- SHA256: 0805913f5039b1097cf6d0b178560036e0b99e52f86b3990bf7bd4b663d15513
- SHA512: e30e2053d363b1eedec5a5493e4304b18e1418944ce5cea2dd1336bdaaff621e86b29877189b383baaf64987099cce625f12785b690c63ae284179aacd880801
- SSDEEP: 24576:dy8BJhfdaB7d47P6cDYqgmrw5dR9rYT1gIZU6G2U/RbQ6LoEWklTHDv+oR9efG9:4ugB767ScD82w/R2Tj7uGZEWk9zHjc

Score: 10/10
- Detect Mystic stealer payload
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext

Target: 11eba512939d3d17bcd0d5543f3a05dac69c96858fbb7120b8802814391c413a
- Size: 609KB
- MD5: 703253f6264bc91569813f4a823cd21a
- SHA1: 6631769e1f66e381737de8b3c2fdd6ab066e9e57
- SHA256: 11eba512939d3d17bcd0d5543f3a05dac69c96858fbb7120b8802814391c413a
- SHA512: b41b64fe7c5ff95253e8b1130b19fbc330a87559dd1dda8df1ee265dcb0c2fe5ec07d2e493db360c09c3ba67b0bd79e412dee1157f25a9ea6187e01364fb6645
- SSDEEP: 12288:EMruy90TI/OchkT+nMNtFyGjtCVfbyt5YyQc3kpU36vaMfxcwRKQP2:CyAoHh9nwyP+t2Q3QJPJV2

Score: 10/10
- Detect Mystic stealer payload
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application

Target: 17a0568b2023370d14f35371e9d7c372589b91d4098eecace76d78c9a7587d3a
- Size: 604KB
- MD5: 4a49f25c21c373471295f4badcee8cd5
- SHA1: dc1871d02c5f5af9ae2a0e24ff0c1cce6ef48b58
- SHA256: 17a0568b2023370d14f35371e9d7c372589b91d4098eecace76d78c9a7587d3a
- SHA512: 95261235a51c77f85d1751907cea517529a9bc6179af76ab2c494ff2f702cf265f8bee8fb60b74ab7bb8094432fa9572bed065078a133480ff3c93069347d69c
- SSDEEP: 12288:hMray90lso2v9t6ehpXEtFyGjjCYfHGp1Pu5UJK6PYwqbPa3Vr:vySX2v9t6lyGmm5UE6PYPbSB

Score: 10/10
- Detect Mystic stealer payload
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application

Target: 346c46bc8283ae44fe76d91bebdf5c933515cb6b55b0e4f1dd25ca7a64a0a726
- Size: 812KB
- MD5: 79983cb4cd4ed44124acf90324aab153
- SHA1: 95cbc2ecd9756f962ec62f265dd70b37efc50fe0
- SHA256: 346c46bc8283ae44fe76d91bebdf5c933515cb6b55b0e4f1dd25ca7a64a0a726
- SHA512: a2d737b6436c7550ed5d3f2c8d3cd06f21b019613ea71791f9b9f519eeb54e9c2ac0a0290577c86f2afe56f81161dfb981dc00a8e2483ad152b4e3784fc9ba63
- SSDEEP: 12288:0MrEy90SXhiDq45nmnagUKW2WjcYOTDXKznBc6RZkReqPNgUnnTwR:QyNq3ma+sLAuBc6RkeqPNgJR

- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application

Target: 4867af9d5dda04a5ea012b876f663ee94f708e52fd230c829517d4b2b83e9d1f
- Size: 582KB
- MD5: d65b8e601b5fdb8b40ea6d22fd7e47eb
- SHA1: e17ef0d987c09976de4825f1a21113b6924a580b
- SHA256: 4867af9d5dda04a5ea012b876f663ee94f708e52fd230c829517d4b2b83e9d1f
- SHA512: 7978421c2c01dc1a1a4cea13772b526dbc69f6b46dd5c2b5e4ab4dd6768edde078f0b1a2816097bfa9e4bdbd5f94b2187cc322511001025364fad40cc034590a
- SSDEEP: 12288:FMrxy90Ydrzg5EyOuXQCRKR0EXVp7lM1aoxCTKx:EyFdvCEyuCRKaE3l7oGo

- Detect Mystic stealer payload
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application

Target: 5f2f269e1f9905fb92ad987badd2a5b73d7a44e072d374b4e040c95e30b5c69a
- Size: 912KB
- MD5: 5f4de66cb9b1568753b8a44fad14b23e
- SHA1: e2c294ab014a574e4b8ea8d65f2ae46af5f3713e
- SHA256: 5f2f269e1f9905fb92ad987badd2a5b73d7a44e072d374b4e040c95e30b5c69a
- SHA512: acd31c122a20e8a77ab2f170f783679a2924d1dc958b32f384474590a0ea90c525976ce1c7ccd5be82098d2cee90bbfc9293ebae89a86fe3919ee929cd2265e0
- SSDEEP: 12288:hMrMy9025kLy2eMdZp7L5QvRc/3aVqtmikIDH3qh5LAYUKEnIqHF+x7SB/h5vs6:FyT5tAf5Qk3CqtwUa/LAHn1HF+1SB1

Score: 10/10
- Detect Mystic stealer payload
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext

Target: 64e73ef21d2b9d5819334be729f07ac670e6fa83111bc1b666abffc261bc2da1
- Size: 563KB
- MD5: b1cad70cea703c95c6bf90d74c4bfd89
- SHA1: 1a08e9ad7c417a5011915ccda1a1ec130cd7d3ac
- SHA256: 64e73ef21d2b9d5819334be729f07ac670e6fa83111bc1b666abffc261bc2da1
- SHA512: 4f7c7367da4b3009f5f1691832f88de0a7df9103ba16ff43c92fb3d0eec813005a6f6f31e0b3853b2ce07e2d5c9d0be331f1e60bed9bf8f3b3ebcbcab9a4b2de
- SSDEEP: 12288:KMrxy90uoiqvTegFhHXzNOI+74h82WRiHJ1CVVVV:nyKEgXHDNn+487Ry4VV

Score: 10/10
- Detect Mystic stealer payload
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext

Target: 7c556f6f80bf250c2ce70d007250b6906c79d457969a75a3f17dc9885daf8761
- Size: 319KB
- MD5: 6d8e57ec9fb40242960e48d22f43a496
- SHA1: bae3e231233d07ab1aa2262999e1934666a1a79a
- SHA256: 7c556f6f80bf250c2ce70d007250b6906c79d457969a75a3f17dc9885daf8761
- SHA512: 7f411509e2a98d9fbd24805093b3cdecfaa0c2d16b7dc579b1fa1ec5b32786a796c1ccec4cd04078592954680dc9ce6638eccb2b51decf5ce46b6277f87458b6
- SSDEEP: 6144:KLy+bnr+vp0yN90QEzrKEP3ve7yRfsK6KRFjEXtaBv7FlbeVeR4No5/Z:pMrvy90BKU/e7RK6KRdEXYp7f6VG4N2Z

- Detect Mystic stealer payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application

Target: 8c970cc94c6aab0b503af6d60e60f5c6c870576c82be9233ab884894899a97d3
- Size: 476KB
- MD5: d102d74d723e6d923e01415cd5ad000c
- SHA1: 4915d3a0cca73089132731e78c415360fcbbedf0
- SHA256: 8c970cc94c6aab0b503af6d60e60f5c6c870576c82be9233ab884894899a97d3
- SHA512: 1f73ec48b7e6a36fab172c4d35345b23bb43ff69231f6c1606b239e6398ab3cedcf7b2a3b12b7ee5b2a05e811daee5d21b12693e4d06139cc6d8194cef9d33fb
- SSDEEP: 12288:8Mr2y90RhNlSVqPwTdRWKREEXYp7+dwu2bWN:ayOlStHWKaEA+yu1

- Detect Mystic stealer payload
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application

Target: 9296923f571779b37e571b296a597c9c5eb71a0a616bfd3ddab9f7d20c509c24
- Size: 662KB
- MD5: ad556af301bc23d9d68e88347510597a
- SHA1: 33c98a0a8322aa276c825a76dfbe90eb89adb0ed
- SHA256: 9296923f571779b37e571b296a597c9c5eb71a0a616bfd3ddab9f7d20c509c24
- SHA512: 13b7701cdd1b901df94c7c4dafb68bd37949c822aceb29aa55d04bb5084772c9886f9e8de81e4ed221cfb6c44fa101f395120c02d520fc9fcf03e42e2b80303d
- SSDEEP: 12288:3Mr2y90oQvlJuZN/gE/AT4aV+nD/xybAP5fI8CR5dXyALD8J0v:RyRQvlcND/AT/V+tpP5fVCjdiALYJ0v

- Detects Healer an antivirus disabler dropper
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext

Target: ae96a881fddd0471c5a462a0b27848d72c34ba866c6061e0f84ab3a1097a7a69
- Size: 277KB
- MD5: 7914d68695cc6f54cb467bbd1ea1b980
- SHA1: a44f0dcc322e4cddf86f087ca9b97b7c44fd6091
- SHA256: ae96a881fddd0471c5a462a0b27848d72c34ba866c6061e0f84ab3a1097a7a69
- SHA512: 644f90613eb98fe37d95d215271f468ffce81bf939000b9acf5479ae8a8d2668202da25ebab5df1095349bfa3ab650cbfdd2a723f9e3b5bbd3bb7be8471eb07e
- SSDEEP: 6144:K6y+bnr+Wp0yN90QENekbA4OPoMeP90Rk7WD6:GMriy90vekbLOQMeP+k7WG

- Detects Healer an antivirus disabler dropper
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application

Target: b150b2b6edd507299c5ac9c6a165df425596a5b2a6f78c7ee7594e3f19a28fd5
- Size: 845KB
- MD5: 48567c75c4c768747990b660f8c98486
- SHA1: c5d74fb54ab54eb6097414ab1a4c3f80481dfdbc
- SHA256: b150b2b6edd507299c5ac9c6a165df425596a5b2a6f78c7ee7594e3f19a28fd5
- SHA512: 352575ff5f4c3d71905472f5fa1821bd89c0a74f2f66eec4a8529a05ff8155e24fb095fff87c9b425a855f94bd2e29178faa2a8b1bbf4d45c5dce2601f147cb2
- SSDEEP: 24576:wyTGPDzqeWDz0usMLfZU1nloJ6e6uVQgEb:3SP/9+z0usCq1nmLFE

- Detects Healer an antivirus disabler dropper
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application

Target: c1b0ce286b7a31d1ab1a8fca661afccb95aaaf56a8fa6b4a311da0a284b09351
- Size: 600KB
- MD5: 520164b716b018381b9c742d869b32e4
- SHA1: c106a10d377bf9b4bb5a4fe99565e2a3805eca05
- SHA256: c1b0ce286b7a31d1ab1a8fca661afccb95aaaf56a8fa6b4a311da0a284b09351
- SHA512: fa004fa2f7170cd50a2ddca65dc26d9ab732ee6f1db843458215827f5ee26f102730e0bbf616276c42643224eef2205fc4d14238c9838d3cdd5a3c58e9316c9e
- SSDEEP: 12288:bMrRy90DursHSHejS8J0CUKR/e7tRJKRoEXMp71vTkMFnhCF2ZR:+yppH6J1UqG7tXKqE81IMFnhd/

- Detect Mystic stealer payload
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application

Target: c1d1b117a294542d27caa4ebc382b5fc76b02e11a9e65fa6db0a33433cb6e435
- Size: 812KB
- MD5: f5f40df358fb020b709a87b5ed4ec4d3
- SHA1: 7a1412af73b32c7c9a61007863b57f50570645b2
- SHA256: c1d1b117a294542d27caa4ebc382b5fc76b02e11a9e65fa6db0a33433cb6e435
- SHA512: f45fd35998f15a6204494bb8e99391571f35e6e4867e56bf78a818062c75942eea2a63cf93df732f7ed0d6eaf79d49e4a165b1b6ad62df994550e57a1125d3ba
- SSDEEP: 12288:AMrsy90fafIyG5ojpCh/IL7ElM0kHP5/rmMsj+IgMcFLzZp1/9mOh8++OM:cyMojpCh/+7C4xrmMi+I4Fpr/kOh8D3

- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application

Target: d876400b35d912e211572e1acd02738c757f24f8adf82ea7ac3ce91f74c8e404
- Size: 812KB
- MD5: c32af393533d7be2f96748156338d33c
- SHA1: a58be11608b6f27970a62122c7bb6d4e8536a02a
- SHA256: d876400b35d912e211572e1acd02738c757f24f8adf82ea7ac3ce91f74c8e404
- SHA512: 9e1f47b3c20f4fa0b0e97758ef702aad9781756266c7c6c8916e189ca00cc477e641524fb84a61b50604adc0e5f231d7a7ca069576dd27631ce1fd58ce2146d0
- SSDEEP: 24576:Uy72IKmbWYfa3qnoWU0+AhWPlWLZJoXi3Om:jyHmb5i3qAn/PcLZJoXG

- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application

Target: eb3bd6af828d49516b571018684b6f164a7f79bb71c38674e37a085ab5813352
- Size: 645KB
- MD5: 5c7efd9ec3e27bb93244365f3ccf6bd7
- SHA1: 8cff2506763935140038ddfd27738d40ebf05eab
- SHA256: eb3bd6af828d49516b571018684b6f164a7f79bb71c38674e37a085ab5813352
- SHA512: ea7f94292cb9c024af86dd3176afb4daa7940d2fc6c3616bbba3d9493251273ab921916a04f6a5fd629a5204199ea9dac8948bd03a5031333773e695bf32ac20
- SSDEEP: 12288:6cMrEy90nyAH07CUhQWRNJcN7MOApGiBg4D/ovR18txF7y+bR6Vq:64y13eUhiPA8iBDxF7+o

- Detect Mystic stealer payload
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext

Target: eb7c2e9dc2416d5168ea11cdee85ea662e4aa32921edbe521787e1a7dcc79228
- Size: 771KB
- MD5: 593fd33436446b18f88bd2d596dc126f
- SHA1: 1ab1f4b4a6057cf0d51780194be0a4358502fa30
- SHA256: eb7c2e9dc2416d5168ea11cdee85ea662e4aa32921edbe521787e1a7dcc79228
- SHA512: 92c5f75ae577806092ba01d709b498aa122df86d7bcc6b7b15aee4ff1fc84137309a66fd5a6a66ba9f05c44113edffe4aa6fd81e218f8d4121b2dc0ef4680604
- SSDEEP: 12288:TMrJy90MI57GM5n2MwKciVlDz22oIjdLibc69f44FJ2RHDBUwXpZfSr:Sy3q7GMHfRVlH2IjdO5fHOuwXpZfA

Score: 10/10
- Detect Mystic stealer payload
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext

Target: ed2eb0d5dcf8c04d4b8381812154164abb842db1d4f3059e6d7d12293004ffbf
- Size: 943KB
- MD5: 6df35c0bf802827179491a87b3fcaef6
- SHA1: 6c11c82d7422d46b4d1e143f25e3ae467c81eb01
- SHA256: ed2eb0d5dcf8c04d4b8381812154164abb842db1d4f3059e6d7d12293004ffbf
- SHA512: 184e32ed3c876db2b436ed847e6e485fe836ff40ea52bea0d79fa255ebc55e20427ff55dfeb5c197591f29e83565acd533745a0fcd0f59b04e7a153279dc7e69
- SSDEEP: 24576:+y3lCj5PuU09H6ASUTFegI5QEpHUVDus7CY7:NI5a9HHxbUHGRCY

Score: 10/10
- Detect Mystic stealer payload
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext

Target: fc2a3968133c3c96ae55dfdd56ca5b4dd51ed30658a98d55193b96e1533f4013
- Size: 814KB
- MD5: 4527bf2f344a13d6185f1a6da0302c2e
- SHA1: bd22d40e1536515deab632cec917ae895dd3587e
- SHA256: fc2a3968133c3c96ae55dfdd56ca5b4dd51ed30658a98d55193b96e1533f4013
- SHA512: 1373be04134192b800c106ba9214941e12cfd6366b97023a07724ab7a86468996509604a20e6284cb5d549d4a4bd5a193e511487a054ee059c226f849f548c1b
- SSDEEP: 12288:kMrAy90Wv+ehdmYET2qlvV1x0nt6o58Q82qcaLRjWwL0Gj4iycQLrZNNqXGl6u:EyLvPhXYzJjTo982v5a0duQLXlp

- Detect Mystic stealer payload
- Detects Healer an antivirus disabler dropper
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext

Target: fd4ce916b77ccd6023667af48e2052df3bebb66cde59b34f1002b2799e6a4890
- Size: 1.3MB
- MD5: 5bbe0d4d9a0315328670257d051d24ec
- SHA1: 703f9e52cfa0752b6fe32ce544542d41c26f3414
- SHA256: fd4ce916b77ccd6023667af48e2052df3bebb66cde59b34f1002b2799e6a4890
- SHA512: 346a4a5629c810d01660ca7b5fe27ca96b89df01e8fe8966858538ed64e06b35fc3aa6d4f39b7f2edfcad380e33a0e634d48c7eba4da1e928f6d0fee0644c35c
- SSDEEP: 24576:6ybUKxddkeq9KQxslEr58eZS7EWzWvm9bb+0je8be0QDeBc1:BbZniKQxslE98eZS7LT9b7bCeB

- Detect Mystic stealer payload
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application

MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)
- Scheduled Task/Job (1)

Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)
- Scheduled Task/Job (1)