Overview
General
-
Target
ac90002ec144a6c8c89c45137265a202aeef6b583cef01223b622e10b4c4b797
-
Size
15.4MB
-
Sample
240522-xq5gpadb32
-
MD5
dd88887c1c2f9e062d4668ab6eeb02e0
-
SHA1
381952d4ee5f134df2d71e41f16257aea7202618
-
SHA256
ac90002ec144a6c8c89c45137265a202aeef6b583cef01223b622e10b4c4b797
-
SHA512
c754be33dd6702503c63cad0ffb63650d815ab32513333932845f6a884a02d5629c2719521932b9609bd321c7495b90a2358f8984abadcb76e7369520f0ea1fc
-
SSDEEP
393216:pMPpU5E7G8xHZ7mGFzCEP5MZ27KHKzCbkbkFTs:gVKI57mEzCECvHKG4M4
Static task
static1
Behavioral tasks
behavioral1: 06f3c929bab6bc6923c8d8bcc94bb40374b50fbcd1c5bb74105608664f303c53.exe (win10v2004-20240426-en)
behavioral2: 122d65cff91cdb1f9a418aade39cb9c3809ca653f37aff626317f9d139f10a20.exe (win10v2004-20240426-en)
behavioral3: 1a0bfd97a460f55b1fc7e0dce89496b0041a7a6e39a4429ca0e9d48b03a50c9c.exe (win10v2004-20240426-en)
behavioral4: 1a180e910531bba2f707949af207f2fdc8ce9073f7ac314168ae29b53eedd8fe.exe (win10v2004-20240426-en)
behavioral5: 1c5289e7e618b13af020062e6a741d58a9f93e862fe8f04fa08d33b6e2ace50b.exe (win10v2004-20240426-en)
behavioral6: 32ca200f348780ce8d89e1c2b2a59df856ec7ce7657e7807dc4330e092222baa.exe (win10v2004-20240426-en)
behavioral7: 3aa025ea78f4c4f22121974ca9750d5a185b237e08bdbb6226487f9b7182e85d.exe (win10v2004-20240426-en)
behavioral8: 3bcf19ad48db781a2c873e68aa933f623915c3a94ae76b3b8bb367d1d4b90e5c.exe (win10v2004-20240426-en)
behavioral9: 6b10f19a8c69f2455a53b070f335d6251772e99efec94e5ada48b7464cae5a42.exe (win10v2004-20240508-en)
behavioral10: 8b1c0f6d0e624fbcd937c3ccc23b673ab7072ccc0339934effd7d6d64916b2f8.exe (win10v2004-20240426-en)
behavioral11: 9270cb48ef49ae030430c2bd7e18a87fbd6d168cbe4d15f9e272f075b605d296.exe (win10v2004-20240426-en)
behavioral12: 982c3849f2e88644dd45e489219e2fa85fc8e40c0842ae8fbd06b1bdf7d2382b.exe (win10v2004-20240508-en)
behavioral13: a5ef5321052ab836215111e00811fcd41cd3e3b3786bda1ed7edece97cba6a7b.exe (win10v2004-20240508-en)
behavioral14: a96e6df3c0e345fa518723f36c81521d2f056b19754c4bbd84cdd3c90347eede.exe (win10v2004-20240508-en)
behavioral15: ba6bca4989ecb1792e703ed9fe411faf649a4dcb4d05d319ac2678201fd51871.exe (win10v2004-20240226-en)
behavioral16: bad97858db5dda89342aa20cee6db489fa0f6859c8723e24cac79ffb85811e8e.exe (win10v2004-20240426-en)
behavioral17: bcce7883f84c054a7e0e31d30fae77ecd28c2dc7149f36958b01440bf0334ea7.exe (win7-20240221-en)
behavioral18: bcce7883f84c054a7e0e31d30fae77ecd28c2dc7149f36958b01440bf0334ea7.exe (win10v2004-20240508-en)
behavioral19: cfb7a03beaf7d7fc86e7d64b823645be27b3ae8e9fada6e93ba232a6916307b3.exe (win10v2004-20240426-en)
behavioral20: f446c909f19842f14d9643227c64f29a129aefa05bfd1800cdf1d9231454083f.exe (win10v2004-20240508-en)
behavioral21: f8f22cd34cb4e25f9de8ac7d851976b70c81c9f756ba7be65cd8408823b8e916.exe (win10v2004-20240426-en)
Malware Config
Extracted: amadey
Version: 3.87
Botnet: 59b440
C2: http://77.91.68.18
Attributes:
- install_dir: b40d11255d
- install_file: saves.exe
- strings_key: fa622dfc42544927a6471829ee1fa9fe
- url_paths: /nice/index.php
Extracted: redline
Botnet: mrak
C2: 77.91.124.82:19071
Attributes:
- auth_value: 7d9a335ab5dfd42d374867c96fe25302
Extracted: redline
Botnet: kinza
C2: 77.91.124.86:19084
Extracted: redline
Botnet: @youngesstt
C2: 94.142.138.4:80
Attributes:
- auth_value: 71ec3d0d54996f30b1d94c74838b6940
Extracted: redline
Botnet: grome
C2: 77.91.124.86:19084
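The extracted configs above give two shapes of C2 value: Amadey carries a URL with no port and a separate gate path (url_paths), RedLine carries a bare host:port. The following is an added example, not code from the sandbox or from the malware, that normalizes both shapes into one indicator form and runs them over connection logs. The indicator values are copied from the Malware Config section; the log format (one record per line: timestamp, source, destination host:port, URL or "-") and the log lines themselves are constructed for the demonstration and are not real traffic.

```python
"""Normalize the C2 values extracted on this page and match them against
connection logs.

Added example for this report; not code from the sandbox or the malware.
Indicator values come from the "Malware Config" section. The log format and
log lines are constructed for the demonstration (assumed format:
"timestamp src dst:port url|-").
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional
from urllib.parse import urlsplit


@dataclass(frozen=True)
class C2Indicator:
    family: str
    botnet: str
    host: str
    port: Optional[int]   # None: any destination port counts
    path: Optional[str]   # gate path when the config carries one


# Family, botnet, C2 and attributes exactly as extracted above.
EXTRACTED = [
    ("amadey", "59b440", "http://77.91.68.18",
     {"install_dir": "b40d11255d", "install_file": "saves.exe",
      "url_paths": "/nice/index.php"}),
    ("redline", "mrak", "77.91.124.82:19071",
     {"auth_value": "7d9a335ab5dfd42d374867c96fe25302"}),
    ("redline", "kinza", "77.91.124.86:19084", {}),
    ("redline", "@youngesstt", "94.142.138.4:80",
     {"auth_value": "71ec3d0d54996f30b1d94c74838b6940"}),
    ("redline", "grome", "77.91.124.86:19084", {}),
]


def parse_c2(family: str, botnet: str, c2: str, attrs: Dict[str, str]) -> C2Indicator:
    """Amadey configs carry a URL (scheme, no port); RedLine configs a bare
    host:port. Reduce both to host/port/path so one matcher serves both."""
    if "://" in c2:
        u = urlsplit(c2)
        return C2Indicator(family, botnet, u.hostname, u.port, attrs.get("url_paths"))
    host, _, port = c2.rpartition(":")
    return C2Indicator(family, botnet, host, int(port), None)


INDICATORS = [parse_c2(*entry) for entry in EXTRACTED]

# Constructed sample log (not real traffic): two hosts reach listed C2s, one
# reaches an unrelated site, one reaches a C2 address on a non-C2 port.
SAMPLE_LOG = """\
2024-05-22T10:01:03Z 10.0.0.5 77.91.124.86:19084 -
2024-05-22T10:02:11Z 10.0.0.7 77.91.68.18:80 http://77.91.68.18/nice/index.php
2024-05-22T10:03:40Z 10.0.0.9 203.0.113.10:443 https://example.net/
2024-05-22T10:04:02Z 10.0.0.5 94.142.138.4:443 -
"""

LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+(?P<url>\S+)$")


def parse_log_line(line: str) -> Optional[dict]:
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    dst_host, _, dst_port = m["dst"].rpartition(":")
    path = urlsplit(m["url"]).path if m["url"] != "-" else None
    return {"ts": m["ts"], "src": m["src"], "dst_host": dst_host,
            "dst_port": int(dst_port), "path": path}


def scan_log(text: str, indicators: List[C2Indicator] = INDICATORS) -> List[dict]:
    """One hit per (record, indicator) pair. A destination shared by two botnet
    IDs (77.91.124.86:19084 above) therefore yields two hits: the address alone
    does not tell you which build ran."""
    hits = []
    for rec in filter(None, map(parse_log_line, text.splitlines())):
        for ind in indicators:
            if rec["dst_host"] != ind.host:
                continue
            if ind.port is not None and rec["dst_port"] != ind.port:
                continue
            hits.append({**rec, "family": ind.family, "botnet": ind.botnet,
                         # path agreement raises confidence for the Amadey gate
                         "path_match": ind.path is not None and rec["path"] == ind.path})
    return hits


if __name__ == "__main__":
    for h in scan_log(SAMPLE_LOG):
        print(f'{h["ts"]} {h["src"]} -> {h["dst_host"]}:{h["dst_port"]} '
              f'{h["family"]}/{h["botnet"]} path_match={h["path_match"]}')
```

Two things the output makes visible that the flat config list does not: 77.91.124.86:19084 is listed for both the kinza and grome RedLine builds, so a single connection produces two rows and the botnet ID has to come from the sample, not the address; and the Amadey indicator has no port, so it matches any destination port and the /nice/index.php path is what raises a host match to a confident one. The last constructed line (94.142.138.4 on 443 rather than the configured 80) is deliberately not matched.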
Targets
-
-
Target
06f3c929bab6bc6923c8d8bcc94bb40374b50fbcd1c5bb74105608664f303c53
-
Size
705KB
-
MD5
cefb48c11aee2707f103ac7a34b57e60
-
SHA1
e632e41c8ae408773b48bf5d921dd0045a658fcb
-
SHA256
06f3c929bab6bc6923c8d8bcc94bb40374b50fbcd1c5bb74105608664f303c53
-
SHA512
dc5cc9534746091f3422525c9bc6cf621a357050b5819499592e1453dcd19e8805f32b2f781342e386a1444367971748cd216288785d015ac3f85aa5ab0fa245
-
SSDEEP
12288:lMrny90g0NrIpWEoLi55BHZCOfbdoGYtd/JVdZNKnsAa78n9SIg556AQYsgfrCEG:iyerIWcXLHWbNKQc9KD6dYsqjEJ
-
Detects Healer, an antivirus disabler dropper
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
-
-
Target
122d65cff91cdb1f9a418aade39cb9c3809ca653f37aff626317f9d139f10a20
-
Size
1.0MB
-
MD5
5a1a022c71bc2351593c4966c2ccf734
-
SHA1
288565784651e25d609b8eaaa58bc070c2592173
-
SHA256
122d65cff91cdb1f9a418aade39cb9c3809ca653f37aff626317f9d139f10a20
-
SHA512
a2ab1e5026bd2ce1378ca61b0411ac16b9a71d68847fa050880d2e3b3b7e13bcfc56a345d387cd0762f26572690edab699f25cd8c5a924e6b074fc89e85f6ad0
-
SSDEEP
24576:2y7gwCfl/HQGn1VVZS0fb1Cgda4m820gPOd7Jk1nf:F7id/HQq1DZDj11d6uKu721n
-
Detect Mystic stealer payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
1a0bfd97a460f55b1fc7e0dce89496b0041a7a6e39a4429ca0e9d48b03a50c9c
-
Size
1.5MB
-
MD5
a79cf239a470549a3b4bc72b4a7c5e85
-
SHA1
45ba7c2f0a6410323b89d07de10f1fda4ead5ace
-
SHA256
1a0bfd97a460f55b1fc7e0dce89496b0041a7a6e39a4429ca0e9d48b03a50c9c
-
SHA512
759c0992285af843a9827e9a1f63c47b492cb8897adaeb1fdc835b2125803d000845e87e26b0e5117ccfbf09617aae388d2f683c7e72eded05a96e00dad4a28a
-
SSDEEP
49152:AOhpTOU8O5vOPfgJX8qsi8SlvtjITFqLcYqA857:zTdj5GXgJOi8qRIp5f5
-
Detect Mystic stealer payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
1a180e910531bba2f707949af207f2fdc8ce9073f7ac314168ae29b53eedd8fe
-
Size
760KB
-
MD5
41538167f8a6449df7670af2a204d623
-
SHA1
1d5778a5969ccf1a30f7d00dcd332490fa780549
-
SHA256
1a180e910531bba2f707949af207f2fdc8ce9073f7ac314168ae29b53eedd8fe
-
SHA512
b3532f017d0065d5ea6446c729db36a45aa5204f1cb245b8fc179eace26e5161be7bd58e5fc1ecebe215f3a428f8315066276ca7aca3ebfc508eeb7c44381363
-
SSDEEP
12288:jMrXy90rxDm5f/Nl9rfbFqmS0QIwJuJEu0pMwosb6y8IaD0EHQB:UyC+ff9rJqmSaaAcjos6yXEwB
Score 10/10
-
Detect Mystic stealer payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
1c5289e7e618b13af020062e6a741d58a9f93e862fe8f04fa08d33b6e2ace50b
-
Size
581KB
-
MD5
b98fb041742a723f29e0262d1ec575de
-
SHA1
6b13f708843f071debb24b2a962320f9d3ea4cf7
-
SHA256
1c5289e7e618b13af020062e6a741d58a9f93e862fe8f04fa08d33b6e2ace50b
-
SHA512
79545fa8306722f9f0c1c5d8bddd696ef89762a824d65823271c295c1445db3fc97772be5f4c2ac1e27171dbfcb0bbae79d7492989f13c047b8b70af32ba4a55
-
SSDEEP
12288:nMrdy90awEEk8jte7G1U61KRnEXMp7X17OV2Q:Gy0BkmtZCSKFEcF7OYQ
-
Detect Mystic stealer payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
-
-
Target
32ca200f348780ce8d89e1c2b2a59df856ec7ce7657e7807dc4330e092222baa
-
Size
809KB
-
MD5
619db51cd5af2a1ba3b1569e229fe08c
-
SHA1
0c7569574d8c8f1458a6879f45da6e16072464c0
-
SHA256
32ca200f348780ce8d89e1c2b2a59df856ec7ce7657e7807dc4330e092222baa
-
SHA512
613883ec1e0403ffd76b3cfd8a9b4f57811efe1ab3deab46d2eaefc3afc40e68fc217983093555d4e6f538a81b844dfe0a920bdce8715fbe906f396b49d40624
-
SSDEEP
12288:NMrgy90ShtBRW09O8nT4znzxRSsVdR0EjVXnY9qnoBR6s1xdVTl82HyHD0Apb8U:lyPW09OP/jdR02YqnoDLd782SzF5
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
-
-
Target
3aa025ea78f4c4f22121974ca9750d5a185b237e08bdbb6226487f9b7182e85d
-
Size
658KB
-
MD5
b0c2c81fdcde86499d25384bcc5b5496
-
SHA1
88e3a72292ded161a03f21a75f9867e2b37f2a1c
-
SHA256
3aa025ea78f4c4f22121974ca9750d5a185b237e08bdbb6226487f9b7182e85d
-
SHA512
e5bc6a333d930c280e690afe6d6ab0a9aea8faaa1c3ec3111a53b2f6c96eb92b6cdb07b2476ceadf69a9bf80a6dd3024a34560ec2e9dd5b09b647f3c5f6ceebd
-
SSDEEP
12288:QMrWy90eldXuavK8MFqMsq40dEqPEF4FHe/O1wqFhyh1bN2Ar:WyPpdKVqMsgdEqA4FHe/0eF7r
-
Detect Mystic stealer payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
3bcf19ad48db781a2c873e68aa933f623915c3a94ae76b3b8bb367d1d4b90e5c
-
Size
600KB
-
MD5
da68f85562207f14d16a39c4f21c7237
-
SHA1
74c8ec9f74e515866ed9f9578e380579f34213f9
-
SHA256
3bcf19ad48db781a2c873e68aa933f623915c3a94ae76b3b8bb367d1d4b90e5c
-
SHA512
ae6171d0f41f314aeedfd2912d1870982371e10ef73be0775c08d69a063b102271600a0606b21dc025b40687b4a42c011420f80adb3703c538b3a78cc50fb9ff
-
SSDEEP
12288:vMr0y90VYzzAeFcW2aCwjTo2WKz/e7KFSKRcEXwp7RUcOK7Y1T7t:Py3zEeGjwA2WYG7KkKWEYRUcBITp
-
Detect Mystic stealer payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
-
-
Target
6b10f19a8c69f2455a53b070f335d6251772e99efec94e5ada48b7464cae5a42
-
Size
609KB
-
MD5
dd6eac9ed5ab3f460808d6d22b301e88
-
SHA1
1a3f497943b29838025e94f6043238ac42a85631
-
SHA256
6b10f19a8c69f2455a53b070f335d6251772e99efec94e5ada48b7464cae5a42
-
SHA512
f030c2a32bcdd646054184f34bacd209c0245d2f9ce0d2985dcf701ebb8f8158e337e11f312d3e5e0a56575fc954fa3a7a60c65c65a9aa9a5c4ad95aa7134fc2
-
SSDEEP
12288:WMrOy90/tL8s0kktcn7AZCFj+a29sEIGXmDrL7nAtmn/J93GKTH:8yQtL8dtOOAj+fBO7nAtmB97D
Score 10/10
-
Detect Mystic stealer payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
-
-
Target
8b1c0f6d0e624fbcd937c3ccc23b673ab7072ccc0339934effd7d6d64916b2f8
-
Size
704KB
-
MD5
b7141f47266f8fb53311b5a5eab29e92
-
SHA1
c3f6fd7ea5e23c826639ee2657a4adc55645e60b
-
SHA256
8b1c0f6d0e624fbcd937c3ccc23b673ab7072ccc0339934effd7d6d64916b2f8
-
SHA512
053bd538bc0a33d42c9bcb76d6026f83a60c91a466feb7d2e6f945f3e86bdfe731bc462f2b18df9806d1ddc5b02d140ffdddf7e0b27c18c8b2056728b4cd38ed
-
SSDEEP
12288:KMrOy90VPnlz2wBiDoLCPE5itsvhGIkO1ObIf/D5Sv5rjnnS+bgumM:cyw2wNW8zp7LlXirjnS+x
-
Detects Healer, an antivirus disabler dropper
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
-
-
Target
9270cb48ef49ae030430c2bd7e18a87fbd6d168cbe4d15f9e272f075b605d296
-
Size
1.5MB
-
MD5
fe3fd68024dd5be5908f425eda17b034
-
SHA1
6856965d9651bd4970c3f4ca1be34913d43ae88f
-
SHA256
9270cb48ef49ae030430c2bd7e18a87fbd6d168cbe4d15f9e272f075b605d296
-
SHA512
fafe21586377d4181b4ffe6d2b31c0ed4f6de866ca375da28d49b75e4599924b410f74be907683e9b3ad2129f3bf0940a591af29fcb86521771ca9e896177366
-
SSDEEP
24576:xyL7EvC4xauMWNWNmVq0FFiAIqHBHufJDwTqbaaJiWJ9KM0mhIUgRwg+plfbWUgj:kLI1ZMWNWNsixqHBHufJFaaJipDmhE+m
Score 10/10
-
Detect Mystic stealer payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
982c3849f2e88644dd45e489219e2fa85fc8e40c0842ae8fbd06b1bdf7d2382b
-
Size
649KB
-
MD5
da1f8161d2da254847077be0639de3af
-
SHA1
724b87665a36d7c8b83604a10500ace45e059d24
-
SHA256
982c3849f2e88644dd45e489219e2fa85fc8e40c0842ae8fbd06b1bdf7d2382b
-
SHA512
58e64891b8a04f2068b8ddcb33bb0b79cd16dd4307acbaefa845c8929ff16584e47677e2723203fca3fe17991fb32bdda0bc1ccf8b9a2c6448487fcbc8f8f057
-
SSDEEP
12288:sMrty909bwU8gmneOQiPy6Lb11YxkrgqyMX3fwSZYV:BygbpQzLXYhqx4R
-
Detect Mystic stealer payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
a5ef5321052ab836215111e00811fcd41cd3e3b3786bda1ed7edece97cba6a7b
-
Size
786KB
-
MD5
d97d90418a7726a700763296227eb7cc
-
SHA1
430ecef62ce1eb2830d0e197a94c211d4f94ba8f
-
SHA256
a5ef5321052ab836215111e00811fcd41cd3e3b3786bda1ed7edece97cba6a7b
-
SHA512
9d55808e50e6a79a5534d934bba7de7d337fab4cf4abbb6b5e96e324b9eedf8503e89b4045d43029fea43a417db599abe8335b82c9b94c97eca479174510e6c8
-
SSDEEP
12288:fMrCy905rSmfpxFMSmWGsUKenqO5tD20+6mf1KRpsXZp79yOQxhLY2k0Uy7Z1:hyGdfFMOoDtmf1Krsj0h02k9y1
-
Detect Mystic stealer payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
-
-
Target
a96e6df3c0e345fa518723f36c81521d2f056b19754c4bbd84cdd3c90347eede
-
Size
609KB
-
MD5
61bd17a21335a48a02b95ab76ded1909
-
SHA1
759a7145c9c489f1d48b7c349455af480ab1a176
-
SHA256
a96e6df3c0e345fa518723f36c81521d2f056b19754c4bbd84cdd3c90347eede
-
SHA512
d92813d7ad7ec1c6eba3d41c39c7e73474554fb9cda136dde1d4fe4fd7d878a78193e8bb7d6ab6da5d0cb00cc81afd35a48920ec4fd2d413c20e477cd7425c94
-
SSDEEP
12288:3MrGy90NavpHis6vvFice4mMr2Lz/l/xMJD6:9ynRCsYFicjP2vy6
Score 10/10
-
Detect Mystic stealer payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
-
-
Target
ba6bca4989ecb1792e703ed9fe411faf649a4dcb4d05d319ac2678201fd51871
-
Size
769KB
-
MD5
eeec40b56c7b6d71e6358b192d6014ea
-
SHA1
e84410a95d5ee36604cefcb9c1f2131e6f2fdb30
-
SHA256
ba6bca4989ecb1792e703ed9fe411faf649a4dcb4d05d319ac2678201fd51871
-
SHA512
c4b4029b9a8d3897e4cde70b08848db822c22b3dd6cee1430c51775723fae43fa42c4f21ebb51c8a26a91cd303f09b7641c3e2c0710b9ef7a64d56f8d2f84466
-
SSDEEP
12288:EMrqy90Q6rN3FQYzBc1j0wEP3FqbRG9RvhejcxWvDxh0cN3dbzap6Fk66pz7fbdt:OysHQ2Bc1jfM2DD1XbzMek6adt
Score 10/10
-
Detect Mystic stealer payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
bad97858db5dda89342aa20cee6db489fa0f6859c8723e24cac79ffb85811e8e
-
Size
609KB
-
MD5
991a01dc2f24d959e954facd3333af95
-
SHA1
358d3fea9e3d609db40a663a1e1649b3ebe01aed
-
SHA256
bad97858db5dda89342aa20cee6db489fa0f6859c8723e24cac79ffb85811e8e
-
SHA512
254fb0615c4800690e65f69e1c8f6f1ca4072cb684d26928f95c1983e590e02a7fc935d973b8fdc2aeec31fc976cd163c49da923cee56de6c51b1532d1114e2d
-
SSDEEP
12288:GMr+y9067bv7ep0xO1z7KUQLrVuhX12NZ7W3m1wR0Br0zyFxPNeZ4D8:sy3nvE0xFhuhX12y2iaBr0zyXPN/D8
Score 10/10
-
Detect Mystic stealer payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
-
-
Target
bcce7883f84c054a7e0e31d30fae77ecd28c2dc7149f36958b01440bf0334ea7
-
Size
1.1MB
-
MD5
70cfabed1c042d1256b7a9d3c54366ca
-
SHA1
e8fb44daf242175fba34d583533a1b60a4ccaf31
-
SHA256
bcce7883f84c054a7e0e31d30fae77ecd28c2dc7149f36958b01440bf0334ea7
-
SHA512
b5db1d0488fb60229f5cc9478c7187e81353336cdae3d0efc28d1582abf3982c62ef105bc8903bf2cb046946abe9aecc8c5bed49c32b7b925f14c8bd9f8957bb
-
SSDEEP
12288:sLezkH3T4U+zNJUWcaQ57xBOgzm7E9vvlM0snyWzhYHVh95zRiwkH6fuDM8ef6GV:slX1+zNvcaQ57x9Gml5h9xRicCYt4MD
Score 10/10
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Uses the VBS compiler for execution
-
Suspicious use of SetThreadContext
-
-
-
Target
cfb7a03beaf7d7fc86e7d64b823645be27b3ae8e9fada6e93ba232a6916307b3
-
Size
1.3MB
-
MD5
d87222c75e0b7ee1154795ba46999ae0
-
SHA1
fea22aae1a7637d583c6065d68b8120e52db1b39
-
SHA256
cfb7a03beaf7d7fc86e7d64b823645be27b3ae8e9fada6e93ba232a6916307b3
-
SHA512
557c7d266abaf8dcd13fcb15a3cb69c6defdb83a821a5b2556f6dd136723910c1ee7e87b558f8441a4f813f689be28923455e0c7418c5e1da7e1687035e54377
-
SSDEEP
24576:qy8KbW9vlamXzWNS17TMbbR1a5l5pNAfRVybAJxTMVI9MtX:x8f8mh7TIRo5BCRQ4
Score 10/10
-
Detect Mystic stealer payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
f446c909f19842f14d9643227c64f29a129aefa05bfd1800cdf1d9231454083f
-
Size
325KB
-
MD5
94423a76c276ef0619854c22feb44640
-
SHA1
ade1d5f65c42a03b7f2320c9d281b72f06002606
-
SHA256
f446c909f19842f14d9643227c64f29a129aefa05bfd1800cdf1d9231454083f
-
SHA512
0fa2fb4222120f91a8eafe37c558c9386a6fc8e7bf5dcdd951d20d099b1b5a758ed7c56897ab5fa377b34fb4829ca273c0dc4943182d4fa51d32ac3ed71160e5
-
SSDEEP
6144:K4y+bnr+bp0yN90QEcwrqnDMxPzT2hn1RNfcb35572kM0P8:8Mr3y909qn4BTSzu1R20P8
Score 10/10
-
Detect Mystic stealer payload
-
Executes dropped EXE
-
Adds Run key to start application
-
-
-
Target
f8f22cd34cb4e25f9de8ac7d851976b70c81c9f756ba7be65cd8408823b8e916
-
Size
1.5MB
-
MD5
61e04eb078ed0e96fc2a097335c3634e
-
SHA1
b98a488dc86eb0314665ae372a71ad0b8d345b34
-
SHA256
f8f22cd34cb4e25f9de8ac7d851976b70c81c9f756ba7be65cd8408823b8e916
-
SHA512
1c6654ded80c7fd95c829259f0f08d35a0a4d4f6456454cc0f0989adfd342b92eac1b89e43e9c37658674c4f567373d154db925955779eb9fb5dbd0260af54db
-
SSDEEP
24576:nUymkWGEDMu+H/8/BGOnfQiUUSj5AW83bOxRbx4Yk+lHyF+k7w:jDWnDMu+H/YBGyQinC563bOxRbxdBW+y
Score 10/10
-
Detect Mystic stealer payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
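Nearly every target above triggers "Adds Run key to start application", and the Amadey config names the install directory (b40d11255d) and file (saves.exe) the dropped copy lives under. The following is an added example, not code from the sandbox or from the malware, showing how the same behaviour is caught on the endpoint side from Sysmon registry telemetry. It assumes Sysmon Event ID 13 (RegistryEvent, value set) records carrying the TargetObject, Details and Image fields; the events are constructed for the demonstration, and the user-writable-location heuristic and severity labels are this example's own choices, not something the report states.

```python
"""Flag Run-key persistence of the kind the targets above trigger
("Adds Run key to start application") from Sysmon registry events.

Added example for this report, not sandbox or malware code. Assumes Sysmon
Event ID 13 (RegistryEvent, value set) records with TargetObject, Details and
Image. The Amadey install_dir/install_file values are taken from the extracted
config on this page; the events below are constructed, not a real capture.
"""
import re
from typing import List, Optional

RUN_KEY_RE = re.compile(r"\\software\\microsoft\\windows\\currentversion\\run(once)?\\", re.I)
# Locations an unprivileged user can write to (heuristic chosen for this
# example): a Run value pointing here is the usual shape for a stealer dropper
# and uncommon for a legitimate installer.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\",
                 "\\programdata\\", "\\downloads\\")
# From the Amadey config on this page.
AMADEY_INSTALL_DIR = "b40d11255d"
AMADEY_INSTALL_FILE = "saves.exe"

# Constructed Sysmon events (not a real capture); only the fields used here.
SAMPLE_EVENTS = [
    {"EventID": 13, "EventType": "SetValue",
     "Image": r"C:\Users\user\AppData\Local\Temp\b40d11255d\saves.exe",
     "TargetObject": r"HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Run\saves",
     "Details": r"C:\Users\user\AppData\Local\Temp\b40d11255d\saves.exe"},
    {"EventID": 13, "EventType": "SetValue",
     "Image": r"C:\Program Files\Vendor\setup.exe",
     "TargetObject": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\VendorTray",
     "Details": r'"C:\Program Files\Vendor\tray.exe" /silent'},
    {"EventID": 13, "EventType": "SetValue",
     "Image": r"C:\Users\user\Downloads\invoice.exe",
     "TargetObject": r"HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Run\updater",
     "Details": r"C:\Users\user\AppData\Roaming\svc\updater.exe"},
    {"EventID": 12, "EventType": "CreateKey",
     "Image": r"C:\Users\user\Downloads\invoice.exe",
     "TargetObject": r"HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Run"},
    {"EventID": 13, "EventType": "SetValue",
     "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
]


def exe_path_from_details(details: str) -> Optional[str]:
    """Pull the executable out of a Run value: a quoted path followed by
    arguments, or an unquoted path (possibly containing spaces) up to .exe."""
    d = details.strip()
    if d.startswith('"'):
        end = d.find('"', 1)
        return d[1:end] if end > 1 else None
    m = re.match(r"(.+?\.exe)(?:\s|$)", d, re.I)
    if m:
        return m.group(1)
    return d.split()[0] if d else None


def analyze_event(ev: dict) -> Optional[dict]:
    """Return an alert for a suspicious Run-key write, else None."""
    if ev.get("EventID") != 13 or ev.get("EventType") != "SetValue":
        return None
    if not RUN_KEY_RE.search(ev.get("TargetObject", "")):
        return None
    path = exe_path_from_details(ev.get("Details", ""))
    if not path:
        return None
    low = path.lower()
    user_writable = any(marker in low for marker in USER_WRITABLE)
    ioc_match = AMADEY_INSTALL_DIR in low or low.endswith("\\" + AMADEY_INSTALL_FILE)
    if not (user_writable or ioc_match):
        return None
    return {"key": ev["TargetObject"], "target": path, "writer": ev.get("Image"),
            "user_writable": user_writable, "ioc_match": ioc_match,
            "severity": "high" if ioc_match else "medium"}


def detect_run_key_persistence(events: List[dict]) -> List[dict]:
    return [a for a in map(analyze_event, events) if a is not None]


if __name__ == "__main__":
    for a in detect_run_key_persistence(SAMPLE_EVENTS):
        print(f'[{a["severity"]}] {a["key"]} -> {a["target"]} (written by {a["writer"]})')
```

The sandbox signature fires on the write itself; on a fleet you only see that write if the Sysmon configuration includes a RegistryEvent rule covering CurrentVersion\Run and RunOnce, so check the config before trusting the absence of alerts. The Program Files entry is deliberately left unflagged: Run-key writes by installers are routine, and it is the user-writable target path (or the known install_dir/install_file) rather than the write alone that separates these droppers from noise.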
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)
  Scheduled Task/Job (1)
Privilege Escalation
  Boot or Logon Autostart Execution (1)
    Registry Run Keys / Startup Folder (1)
  Create or Modify System Process (1)
    Windows Service (1)
  Scheduled Task/Job (1)
Defense Evasion
  Impair Defenses (2)
    Disable or Modify Tools (2)
  Modify Registry (3)
  Scripting (1)