General
-
Target
r1.zip
-
Size
16.1MB
-
Sample
240522-xhdc8scf3z
-
MD5
d23a93b6206ba5a3472258445859b9a2
-
SHA1
19e3e3374e55609e856a960a941acf41449b9d87
-
SHA256
fb68898fc1ee1968d2f438649408cbb8854551c7efa6458a5175c462f02fda63
-
SHA512
320548fff8398a5f5702b196d8329dbdd72eb2306debb4f73fc85bb5cba8362ae6a02a126c1fb9932c8818a28fc0dc93a9493daa16aa1f04ba483c49789513f5
-
SSDEEP
393216:znlcSsTBFfpqYrFSUpD/Gx1EIi1/siPSbEgDSoIQ7bz:bSSsdFfpf4UJ8O31wxDHtbz
Static task
static1
Behavioral task
behavioral1
Sample
00dd845a27cdd6a841129f3f25bc36fd11c64b769481d2a584164a99fbd2c3d6.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral2
Sample
0e4f6fa259d45f6b8b8d2e708ff9cac68a58307c15686d384502402302d450f8.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral3
Sample
160cf91bb49336d03ce250710ca49b29f76f5f8f37ef5aafda22ed8e547bed9b.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral4
Sample
2469003f42fad7f59b70f7ba006c65ee5db3798dfa579f761b047cd449e394fb.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral5
Sample
37d87e8c1add733f6b0f726eb97fd64542de486c7b60c80ffabe798eb6c54a0c.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral6
Sample
4c3f025b17ec1550b7a07d7cea6744acb261f9a5de6fd780bef377978b6b2ca7.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral7
Sample
4de214f1550efd374ec68367fd536997f015281d98450fd9bab8a16d5fce87f2.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral8
Sample
4fe5ee134e6a340110e2fe9b3471372154b727e90d980f5660e2c7d24f779f25.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral9
Sample
5bc4a6b3d5d850441455c1201b411fa16528c9d21a13517fd2f373d1536d57f6.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral10
Sample
62325240aae3c7c9afa8a69fb248924b6c42b1aa556bfb2b52c84490eef10afc.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral11
Sample
77ac4e5ef850f053915a6aca7fc85f62c897f29cc6bc77bfbb192062c7aa5053.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral12
Sample
78a2f3c49d7778a1b4924bb7355ccbbd6bbeeef4a1876c8a4fd0f6f984769466.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral13
Sample
7c1372b4b0e76a7d202143cbcc40dce411a401341f2168aef3204cfc9f9da9fc.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral14
Sample
7cd3eb4cd6f49efea0958d092cf89c4360141c9e96cf89f3bd4042291e628b0e.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral15
Sample
7dee432d6dab18e0292eb8319fa33010db26568b716e784875a7bd4e9ea455a7.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral16
Sample
a277894fe9048cd5fca86a41cd15d3ca798f15ec412ab35d84f136d39597b97d.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral17
Sample
cd0d56c5cef765fb6cc44988f16cfea540a6eacff2349df1adde54d8bdf0ac15.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral18
Sample
d304eb3331ed5f7542898adf235b0119e5ae9bf4622b4c36147856e87a8ec8e2.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral19
Sample
d3dd28146bf63b331c212ebde477e7662e2106b598849cd8a25001adc825728b.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral20
Sample
ece19c5d5cfa838169dfe734221c3efc216214049218bf9ed62549dcc068a854.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral21
Sample
f9789caac1d5ebec982c1e56156eeaba9635c705104c77a48602d2aa3f43635f.exe
Resource
win7-20240221-en
Behavioral task
behavioral22
Sample
f9789caac1d5ebec982c1e56156eeaba9635c705104c77a48602d2aa3f43635f.exe
Resource
win10v2004-20240426-en
Malware Config
Extracted
redline
gruha
77.91.124.55:19071
-
auth_value
2f4cf2e668a540e64775b27535cc6892
Extracted
amadey
3.89
fb0fb8
http://77.91.68.52
-
install_dir
fefffe8cea
-
install_file
explonde.exe
-
strings_key
916aae73606d7a9e02a1d3b47c199688
-
url_paths
/mac/index.php
Extracted
redline
kinza
77.91.124.86:19084
Extracted
redline
mrak
77.91.124.82:19071
-
auth_value
7d9a335ab5dfd42d374867c96fe25302
Extracted
amadey
3.86
88c8bb
http://77.91.68.61
-
install_dir
925e7e99c5
-
install_file
pdates.exe
-
strings_key
ada76b8b0e1f6892ee93c20ab8946117
-
url_paths
/rock/index.php
Extracted
amadey
3.87
59b440
http://77.91.68.18
-
install_dir
b40d11255d
-
install_file
saves.exe
-
strings_key
fa622dfc42544927a6471829ee1fa9fe
-
url_paths
/nice/index.php
Extracted
redline
horda
194.49.94.152:19053
Extracted
risepro
194.49.94.152
Extracted
redline
grome
77.91.124.86:19084
Extracted
amadey
3.89
04d170
http://77.91.124.1
-
install_dir
fefffe8cea
-
install_file
explothe.exe
-
strings_key
36a96139c1118a354edf72b1080d4b2f
-
url_paths
/theme/index.php
Extracted
redline
@vidradom1234
94.142.138.4:80
-
auth_value
f6e0be4e7ddc7c0185ef8d636b4e28cc
Targets
-
-
Target
00dd845a27cdd6a841129f3f25bc36fd11c64b769481d2a584164a99fbd2c3d6
-
Size
815KB
-
MD5
1bbc286e0de70ea93a2d22382215cb6f
-
SHA1
998f8216681b836c1c9995ffd0d617d0259fe94d
-
SHA256
00dd845a27cdd6a841129f3f25bc36fd11c64b769481d2a584164a99fbd2c3d6
-
SHA512
2ea1320c1e37907e97c4247b29c9723005bbf6c32e19aaac53d4f61e4c78ad260f811af031bee40cf519855f256cec7492c27988f902137c9a537df6b8f09175
-
SSDEEP
12288:GMrgy90z+CjW5ZWOWEUTi85pVWgy4Bu8CixTSidrx1JzKHY5sLdVWcjKapw/CJ:ay6+sW5QpJvLy4Bjx5xbELORaGe
-
Detect Mystic stealer payload
-
Detects Healer an antivirus disabler dropper
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
0e4f6fa259d45f6b8b8d2e708ff9cac68a58307c15686d384502402302d450f8
-
Size
762KB
-
MD5
7552519f9996f9c76b4162aabc6f39dd
-
SHA1
74e8494962b80dbe582f10c4ac392e91b67c54f1
-
SHA256
0e4f6fa259d45f6b8b8d2e708ff9cac68a58307c15686d384502402302d450f8
-
SHA512
290e4daa6c737ba8eaf8e416257263a346054f48758b9324d2ce302fc1860b1d7545d00e4ac93637b92849a64939455953c2795ffaea559df0a09a878f990e66
-
SSDEEP
12288:JMrPy90ST157TEsGSsGzE0iIRF/qONhX5jtAh7WpBQnzxsVkXkxcCdnIfY7:myVBqS+NWgONhXXOq/OzxsVykKSIg7
Score
10/10
-
Detect Mystic stealer payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
160cf91bb49336d03ce250710ca49b29f76f5f8f37ef5aafda22ed8e547bed9b
-
Size
503KB
-
MD5
1cdcd0418b5ed6de8f5ce0e268c264da
-
SHA1
5af6604444d6a85e87847fda3197b156aa18b2ab
-
SHA256
160cf91bb49336d03ce250710ca49b29f76f5f8f37ef5aafda22ed8e547bed9b
-
SHA512
b43523de650f5ab97079966778997fe6f3b4129684110463d40e2d077038156008ba9071e699d3711bbd503e4c43929945b3d862f9c28aa71ac3b948316f597b
-
SSDEEP
12288:jMrHy90TxDvhnlYPLgRtFyGjKCufuntSdGIOPd/k2yHsvcIXm:YyApBlYs5y3+tSAIO5jzvI
Score
10/10
-
Detect Mystic stealer payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
-
-
Target
2469003f42fad7f59b70f7ba006c65ee5db3798dfa579f761b047cd449e394fb
-
Size
600KB
-
MD5
92caeb092fe661984d6b5938db1e3d2c
-
SHA1
aab1602e93402605ae2f28b22ff993873730532a
-
SHA256
2469003f42fad7f59b70f7ba006c65ee5db3798dfa579f761b047cd449e394fb
-
SHA512
76aeb5a9753b57d6cecc4474965e0a623ab13ab5ca9439c2ce2d43797afded16c738fb0339789edf61bf6ce59c7df884ed120c57c1ed29536643d3df8be638f9
-
SSDEEP
12288:JMr+y90odZgZUSkyiUAl6cKF/e7oVrKRQEXFp7GDlSAEkObTn94b:fyhrPqAQc2G7oNKeEnGDQMOd4b
-
Detect Mystic stealer payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
-
-
Target
37d87e8c1add733f6b0f726eb97fd64542de486c7b60c80ffabe798eb6c54a0c
-
Size
1.1MB
-
MD5
2c94ca6b9e68f23873d291cc5de452d7
-
SHA1
427dd5a76b3cc7cf997f49fc699a9c37a2a90298
-
SHA256
37d87e8c1add733f6b0f726eb97fd64542de486c7b60c80ffabe798eb6c54a0c
-
SHA512
21c5fc9e942ad544132204ac52853f49f1c895e82f9caef58c85c72bcfd463911e7feea071b6caa8c5c0f691c12c660d3509ccd3de49df25378a818cf122e174
-
SSDEEP
24576:Vyh2xPiliqDSXAwlKOiht4hZu78PnoF2rRCft2:wUPibSXA2Kpt4hZBPnoF6kft
-
PrivateLoader
PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
4c3f025b17ec1550b7a07d7cea6744acb261f9a5de6fd780bef377978b6b2ca7
-
Size
1.2MB
-
MD5
dcd9239b4bb709fc94e727b9ee27967c
-
SHA1
8ef4e373ab58a741760183d789277198dfde7ba9
-
SHA256
4c3f025b17ec1550b7a07d7cea6744acb261f9a5de6fd780bef377978b6b2ca7
-
SHA512
1c9d81725cbf5b0eec0ca4c2cd61b4e9d0da644dc6c8d64877c46f11a732f4d3467f212065eef436c9892872a832b865d7d5489a7eeeda90891330ebce036ae0
-
SSDEEP
24576:AyUqqXwz+yZ7ocKLgR86dxL5R44FKMeeJ6qQp+iRCLP8rxk8T1fxg+n4GA:HUXwz+yZUcKLgRFdxL5WMeeJo4LEk8TX
-
Detect Mystic stealer payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
-
-
Target
4de214f1550efd374ec68367fd536997f015281d98450fd9bab8a16d5fce87f2
-
Size
507KB
-
MD5
cfafb3b6f16b43df024f7f40e7c6ee1a
-
SHA1
30f47ba6243552d59893105bc8e90497368b3853
-
SHA256
4de214f1550efd374ec68367fd536997f015281d98450fd9bab8a16d5fce87f2
-
SHA512
a7a08355147e240c7030614fe9e220a0f2fd096b298ccc42816980d475ca46d53f17d5b3ed41037902646f4a84e365b24eecf91e9755fcddb119d59918561797
-
SSDEEP
12288:ZMroy90Gmlxvyy4NY5wERz11xDb5/DgDQkYHQl4X:RyfQ4y4WLz11xDb5/DgD2X
Score
10/10
-
Detect Mystic stealer payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
-
-
Target
4fe5ee134e6a340110e2fe9b3471372154b727e90d980f5660e2c7d24f779f25
-
Size
1.1MB
-
MD5
151af4f44e3d6b1ac8116b1679624dee
-
SHA1
dddcc75275ace2a92c71c3c9d2becfeb86fb4ce1
-
SHA256
4fe5ee134e6a340110e2fe9b3471372154b727e90d980f5660e2c7d24f779f25
-
SHA512
ca05d5b82d1cdb202288f338e4eaac950fe26cce01c5ce2bfbc67a27ea8e476893b6fc59393aa942b57b4fd4ee89b1124fc9029c13bc7eb24f7fe725ced77c5c
-
SSDEEP
24576:Fyz+Ur2zG77uKCEAJM4lNvgEiew8fqAuEPeCuw0XJ/KrdMNszXwqs+1:gMzGPuKCEAJJl8Wfqcz0FqdMObwy
Score
10/10
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
-
-
Target
5bc4a6b3d5d850441455c1201b411fa16528c9d21a13517fd2f373d1536d57f6
-
Size
812KB
-
MD5
659d8ade6c93a41292e60a3cf24aee6d
-
SHA1
57c08365cbed71bef5b3ff3f38fc45354f8bb7bf
-
SHA256
5bc4a6b3d5d850441455c1201b411fa16528c9d21a13517fd2f373d1536d57f6
-
SHA512
e29e7ee9dc4482c300081c2cba82f48332b6e5b425d8e99c24f8f2e1d265353d014bf23d05787a55db862bda8d424aae5bb85058cc376735065f3a7822c0244a
-
SSDEEP
12288:yMrSy90bdcddavTH8ZUjqb9FamNPyEkqno7WLzSAYDbDnKoCVrzoD+HK:UyAuGSIeRSqnocgbneVrz+
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
-
-
Target
62325240aae3c7c9afa8a69fb248924b6c42b1aa556bfb2b52c84490eef10afc
-
Size
1.5MB
-
MD5
769c5f3bb0882e4699008264e30d36a1
-
SHA1
6f723c5ab29eb3e7300d51f736c5be4f39cb0060
-
SHA256
62325240aae3c7c9afa8a69fb248924b6c42b1aa556bfb2b52c84490eef10afc
-
SHA512
33a36445bca5c6afbb1fa03b88ebb932560c61966e3b9dc480e72f52775d49141c292221ecc403471dbaf891417cc10e6a821bc40cb4474075d5406d52141273
-
SSDEEP
24576:IyIFT2Rph5Zm9B6zpHDDI/hdhEIOTYRqpQy165616OKXwzxYlUdA1LZFPwi+Lmu:PIQp/Zm9B6zZDDU1EhlpQyR6OKAxlAZ4
Score
10/10
-
Detect Mystic stealer payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
77ac4e5ef850f053915a6aca7fc85f62c897f29cc6bc77bfbb192062c7aa5053
-
Size
572KB
-
MD5
1ac19b91e5253c091061691c660c70fb
-
SHA1
7b113146e03c198d1cd4a7b1d10c2dad5bb6a909
-
SHA256
77ac4e5ef850f053915a6aca7fc85f62c897f29cc6bc77bfbb192062c7aa5053
-
SHA512
6ed54774d55e8fc33480a56533c43f8eeffa64c225832e9e7aa932566c66bc80a0c1b9cf95db749f2a024316d57779255659151a483d7c5acc9c24e483e6af08
-
SSDEEP
12288:6Mr9y90/DGsxoXIq17/+FrSBIEBOFgJdHsKPdg54J:HysGwo4cb+dSOA7rPfJ
-
Detects Healer an antivirus disabler dropper
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
-
-
Target
78a2f3c49d7778a1b4924bb7355ccbbd6bbeeef4a1876c8a4fd0f6f984769466
-
Size
234KB
-
MD5
61fc72539e72e9767140cd73f0f9edb4
-
SHA1
dd2acea4ec7fa4ecf3fd5e1975422dcbf80e52f2
-
SHA256
78a2f3c49d7778a1b4924bb7355ccbbd6bbeeef4a1876c8a4fd0f6f984769466
-
SHA512
fc52f681316c1b1bd80f128e63eadd709ec7465b9f3c9d6205d40c20520c5bc2b896866e9f2f25adb1cd276b53f3bd12a07042c574128ad7c9dadd97704f3d1a
-
SSDEEP
3072:KEy+bnr+O1n5GWp1icKAArDZz4N9GhbkrNEk1+6D5dMOt7WQqounTUok:KEy+bnr+Qp0yN90QEPzDQqom
-
Detects Healer an antivirus disabler dropper
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
-
-
Target
7c1372b4b0e76a7d202143cbcc40dce411a401341f2168aef3204cfc9f9da9fc
-
Size
1.5MB
-
MD5
cac5297462d6e1dfd40d458d6d59823f
-
SHA1
0d28c9fa7ead0dda4e3e50d50ad2261bafbc541f
-
SHA256
7c1372b4b0e76a7d202143cbcc40dce411a401341f2168aef3204cfc9f9da9fc
-
SHA512
b04ee15a4124fc1efa31e8ee73eb36676db44e5d5f4f7c6db807f846efb7ca9e3f5686e3a77f40253f5c84b910ba80219c7d1c5f1d61e7e2ff62e63fe5c4109d
-
SSDEEP
24576:myzAp59zdpCTo+EZ9GucVMfluA40tD+RS8JW8VhpvQlzLHkx4hfO2P8Cyp:1y7CMlGuIF4rNqS9HkKhfO2P4
Score
10/10
-
Detect Mystic stealer payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
7cd3eb4cd6f49efea0958d092cf89c4360141c9e96cf89f3bd4042291e628b0e
-
Size
437KB
-
MD5
4706f66d2e76da2ba34e3bf258ffba15
-
SHA1
ab71090e08967118015963985f2f1df2c603f1f3
-
SHA256
7cd3eb4cd6f49efea0958d092cf89c4360141c9e96cf89f3bd4042291e628b0e
-
SHA512
9ae987c7af0509c9ff0d3cef44eab0a8499f930b42a71183306a081a66fd5b128c8a3508dcad251281a7bbcf2cc0154a6be44d64bc47e80c46afd972fac58790
-
SSDEEP
12288:9Mrfy90uxpbCC8SLD5x/rKR6EXYp71uwXC:Ky372C8SLD5x/rKgEA1uwy
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
-
-
Target
7dee432d6dab18e0292eb8319fa33010db26568b716e784875a7bd4e9ea455a7
-
Size
373KB
-
MD5
15f157c29571d8a426e4390328ff5f53
-
SHA1
ca91bab592cd28579d4ecb2aaaf6bb2c9c607e38
-
SHA256
7dee432d6dab18e0292eb8319fa33010db26568b716e784875a7bd4e9ea455a7
-
SHA512
d29be9762844647d70ded8bc115b5c83958d3f087155b2e027e2d94e85c3e0d3f473fa90b1659b706211a6495889fc4dca6861ff33dc8e58c65918425ee4a3ef
-
SSDEEP
6144:Kly+bnr+fp0yN90QEjVss6d52jPjeK3GwVxAIoqTP/LMAWREa2NXy:PMrTy901+1d527xOqnM1RF2Ni
Score
10/10
-
Detect Mystic stealer payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
-
-
Target
a277894fe9048cd5fca86a41cd15d3ca798f15ec412ab35d84f136d39597b97d
-
Size
831KB
-
MD5
85e4a0f5a6136ee4873a53af1f693ed0
-
SHA1
c8295b1ef666acdb88a5e320b5a1d70eeb17d96b
-
SHA256
a277894fe9048cd5fca86a41cd15d3ca798f15ec412ab35d84f136d39597b97d
-
SHA512
cccfff50a1c9736573e80e7d66991930ffd0a607441e2bba89a61a7e5860d31494475387068895ed0f42d05251ece93f599f78ef325c62db1c04170099243c7c
-
SSDEEP
12288:wMrNy90oQfovlCb2GmvXKcOr1+JTWZx2LufAKuBG/Nw8SjKgpJlGRqMul0CX/Qmd:tyPQfoIO6cxWZxuBHvb+qMuJPSzk7
-
Detect Mystic stealer payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
cd0d56c5cef765fb6cc44988f16cfea540a6eacff2349df1adde54d8bdf0ac15
-
Size
1.1MB
-
MD5
27af7a4c719af0f00736750684474c33
-
SHA1
03e8e393f661280826fbc7e7576e584d0f3a9113
-
SHA256
cd0d56c5cef765fb6cc44988f16cfea540a6eacff2349df1adde54d8bdf0ac15
-
SHA512
17daa6adef43ef520e97df98ce819c87bdc5a0c093233a6bfab264a16d7ba6fe6ba9fa5a9e00506de4b1fb0aa937efe388943bfdfe67c47c06cbaf31fabc53a6
-
SSDEEP
24576:ry5DLDF4WsVdsl323tNupeEC4MI7WkuOUgyYKT57AZ5FG:eJLZObx3fIe6fykuN37APF
-
PrivateLoader
PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
d304eb3331ed5f7542898adf235b0119e5ae9bf4622b4c36147856e87a8ec8e2
-
Size
433KB
-
MD5
50b9db4007c61b38b491d12f1077842e
-
SHA1
681f65edc9f027e30d2e2a852bae01699270039a
-
SHA256
d304eb3331ed5f7542898adf235b0119e5ae9bf4622b4c36147856e87a8ec8e2
-
SHA512
77f3bc841d1e8f135e9cc3b443da58ce96bb567bf108dc4ef40ce9289c5fc92b7101bc77128158204f8eec03c6fd390bc65c19b3d1e877aaf817d2afae62e1b0
-
SSDEEP
12288:FMrKy90UBVIk3ZX7/PWuhM8O8zhs2SzgdYk:LyFBzi8Bf2k
-
Detects Healer an antivirus disabler dropper
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
-
-
Target
d3dd28146bf63b331c212ebde477e7662e2106b598849cd8a25001adc825728b
-
Size
809KB
-
MD5
0916237eabab44bdebdaaa534e5b0044
-
SHA1
0f91723a69badda61451fdad109d59c3ca65fd67
-
SHA256
d3dd28146bf63b331c212ebde477e7662e2106b598849cd8a25001adc825728b
-
SHA512
8d1aeb276067c925e6963d73f57f2b14d805bc94cdd1dcc36a4bd00412b4b6c83c3a63fc18ba0a715005a2e7e7016de3e9261e062e9ac31c7692226211b3f0e9
-
SSDEEP
12288:YMrWy90qF5sd2S/bMJHsA+43dFUwnHAjGqnos9rW3m47uO4H73IK1fC2rca2hzG:uyEoJMAD6vyqno5WZZ7YEC6R
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
-
-
Target
ece19c5d5cfa838169dfe734221c3efc216214049218bf9ed62549dcc068a854
-
Size
1.5MB
-
MD5
ec417563dcc0b40dd4df530fab086b34
-
SHA1
0fbbdc8e4d8d4f002bccaaeeaf45a4568a951e5d
-
SHA256
ece19c5d5cfa838169dfe734221c3efc216214049218bf9ed62549dcc068a854
-
SHA512
384cd2c4f9e2d4e320522be0e2acf107706f601fb253ca88c2945b68d3acfe31fcb9311d64bda686b6bf397877825cef5a30dd3dcf7db4433470ed3e49cd0fbd
-
SSDEEP
24576:RyE/0Wzk0wwhw5K+y9iSn5PJvsH4UDlKl3YxFhSmCBwRe0MrQUlzpn/U5:Ec0WLwsd0XH4UQoxF0mkwqrLlFn
-
Detect Mystic stealer payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
f9789caac1d5ebec982c1e56156eeaba9635c705104c77a48602d2aa3f43635f
-
Size
1.1MB
-
MD5
1e6fc45ebea637f8e630dda82edcb3fa
-
SHA1
384d3a1238ac6f97f3d1ac42715e8f16f59ac18a
-
SHA256
f9789caac1d5ebec982c1e56156eeaba9635c705104c77a48602d2aa3f43635f
-
SHA512
cf11c0b07025936316bc17d3b227e6d28630f47cbb5cff1ae032b0b2e0d2ddeda0f54d27ba2b2e030645c3f90a0199e44072d4a63cf25cda2428b2e34d0956ec
-
SSDEEP
24576:yJCp+zNkHOvnDUDuMJth9SHIP1DuGpDYpk:yJKHOvnDUDdWU1
Score
10/10
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
  Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
  Windows Service (1)
Scheduled Task/Job (1)
Privilege Escalation
Boot or Logon Autostart Execution (1)
  Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
  Windows Service (1)
Scheduled Task/Job (1)
Defense Evasion
Impair Defenses (2)
  Disable or Modify Tools (2)
Modify Registry (3)
Scripting (1)