General
-
Target
8cc6679c34691a07ca82dfa2e42bb4cb80b8f3283bad650d6e3818ac030c32d3
-
Size
13.9MB
-
Sample
240522-xranpsdb38
-
MD5
755efd7950ddae5744778c010060b136
-
SHA1
664e5b0dce04e03539c12097980c28147a8a5d49
-
SHA256
8cc6679c34691a07ca82dfa2e42bb4cb80b8f3283bad650d6e3818ac030c32d3
-
SHA512
a2fe769f8d035df257ddca1210410bc9b8e5f521eb67c82b6c1a40feb53beda601a1229578f0efeb0991475945fb0d3644358f9556ad2b83ea9c9726f176f175
-
SSDEEP
393216:pqeCjY7V/bWLHMAAHyTEgIZVKJItmRP4ZGaqooMmzt:pqtYB/buAHyTxIZRQMGaqooMmzt
Malware Config
Extracted
amadey
3.87
59b440
http://77.91.68.18
-
install_dir
b40d11255d
-
install_file
saves.exe
-
strings_key
fa622dfc42544927a6471829ee1fa9fe
-
url_paths
/nice/index.php
Extracted
redline
mrak
77.91.124.82:19071
-
auth_value
7d9a335ab5dfd42d374867c96fe25302
Extracted
amadey
3.89
fb0fb8
http://77.91.68.52
-
install_dir
fefffe8cea
-
install_file
explonde.exe
-
strings_key
916aae73606d7a9e02a1d3b47c199688
-
url_paths
/mac/index.php
Extracted
amadey
3.85
de7e5a
http://77.91.68.3
-
install_dir
3ec1f323b5
-
install_file
danke.exe
-
strings_key
827021be90f1e85ab27949ea7e9347e8
-
url_paths
/home/love/index.php
Extracted
redline
kendo
77.91.124.82:19071
-
auth_value
5a22a881561d49941415902859b51f14
Extracted
redline
darts
77.91.124.82:19071
-
auth_value
3c8818da7045365845f15ec0946ebf11
Extracted
amadey
3.89
daf753
http://77.91.68.78
-
install_dir
cb378487cf
-
install_file
legota.exe
-
strings_key
f3785cbeef2013b6724eed349fd316ba
-
url_paths
/help/index.php
Extracted
redline
kinza
77.91.124.86:19084
Targets
-
-
Target
01f1d397eef76f3dd4c0d5121d6596a6ff410ea7e8fe3ebd913d701f9928557e
-
Size
1.1MB
-
MD5
296963a8b99e4ba04646550244f1d6f5
-
SHA1
967b51348c19d16f36cda82e504359e55cdd0d1b
-
SHA256
01f1d397eef76f3dd4c0d5121d6596a6ff410ea7e8fe3ebd913d701f9928557e
-
SHA512
61025f0d033233a8d4a5b73adb77227237b71f79b04a5656fff7cc4c51554645e6ac12a9fb11a87304316b8f73184e1822525d88c63e209e53406a7a5a2789e5
-
SSDEEP
24576:0yYO7vqvACYYG7D2KgE+poyBsFzk3uuFXhCqqkeNi9o+lydEGt:DYO7v/LYGH2KgE+3izeBiF
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detect Mystic stealer payload
-
Mystic
Mystic is an infostealer written in C++.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
-
-
Target
061d4b3cae1ba072bfa6849a31d62afd811d04b5a2eabddc17081e56f1701cc3
-
Size
656KB
-
MD5
1a8079b8f19a5d0a3382c8f0f1c82b23
-
SHA1
2fa2c4c059b2b1da583ddee3173fadd02d501ff8
-
SHA256
061d4b3cae1ba072bfa6849a31d62afd811d04b5a2eabddc17081e56f1701cc3
-
SHA512
49657dc6adf64355cc4c14baa8b15da1dc1ce3897b770c530d66a593da220463e4072d09f0ad905da8c49e17cbca9fd8cbac4a63dc16a73a1ad922a41118ccdc
-
SSDEEP
12288:7Mrty90IqQic5Cf54N7Mw7KKNc9lKR+9W0Eu+wSGgjU427q4IIWI:yyVqQiUChU75Nc9lKR0W0EB+RCI
Score10/10-
Detect Mystic stealer payload
-
Modifies Windows Defender Real-time Protection settings
-
Mystic
Mystic is an infostealer written in C++.
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
1510cb1a4ff1f8027f8f81a2905978b60e40fed8901c2f4c5e99e35801083d7d
-
Size
604KB
-
MD5
76f318321de01f842142662a0e9d1f79
-
SHA1
63b05b7f9760400fbd568bead10f26d7f876ba8e
-
SHA256
1510cb1a4ff1f8027f8f81a2905978b60e40fed8901c2f4c5e99e35801083d7d
-
SHA512
92b54fe8150c22eb460fb9a001989ed5ee452e66d1200c715a481151f0aac3cc63c24b6cff7bc7faaa4e0fb549dfe551c646b0e631a2b0054db7449f9808c7a8
-
SSDEEP
12288:OMrNy90W4zY0QqOgvZIteQdrtFyGjOC2fnNz6Cg3JdWMqUz73JHr0M:/yRGY9tndDydN2CKLpnZHQM
Score10/10-
Detect Mystic stealer payload
-
Mystic
Mystic is an infostealer written in C++.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
-
-
Target
18c958ac2546c1661c9e22160d98271416eb758de547c310b4383874d4384f40
-
Size
661KB
-
MD5
06107584f5a9cbaa5ae44873617a626b
-
SHA1
3787ed532fbbf131c175b567261349a5e9590819
-
SHA256
18c958ac2546c1661c9e22160d98271416eb758de547c310b4383874d4384f40
-
SHA512
8a7f0fc6a093a70af45db862210a70e5c2e4721acb05336234fb73e1cc74f5b52432501a79c957628dec5c7299b7fd073786d334d2e0b3d91361b5014830e300
-
SSDEEP
12288:YMrcy90okKUTUbNl7wArIzo+PIjDU7UWIubwEdhctQn+0i3MOLW:UybUT4ltrIztIjDUoycEdhcO+0i3MOq
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
1ae5f47f1c4c38ae30421b7b2d3551cc7678aa01afe0501ade7019fa35f63be8
-
Size
705KB
-
MD5
d1388cb2ca131829495ce7e0da1e099d
-
SHA1
0e238acf0d5ea9508f95be2f29b1344845595f50
-
SHA256
1ae5f47f1c4c38ae30421b7b2d3551cc7678aa01afe0501ade7019fa35f63be8
-
SHA512
64ed4eea3f6203f4ef339571ed0cdd0198d530392b8a64d48d9bba8e4091c59a527d212b31cb8f26d6703fb0a87fc38d637fcd35c7109f530b1b897fc26acfc0
-
SSDEEP
12288:xMrvy90+1oTVjWwJxPFVSNqnoYD7FkwS9Rv9tZLaQGXI8hRA+l:ay/1oT9W4PKNqnoeGRn1aQGXdhRnl
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
27768bc4484847752b8e6b935f4d0a7c52af11184186bd7e6297fb761bebcbde
-
Size
1.1MB
-
MD5
f0521e19f6301f6353dcec5f6fd4fa44
-
SHA1
ceb665d8c8826561651eba2a39911c918bf2a1ee
-
SHA256
27768bc4484847752b8e6b935f4d0a7c52af11184186bd7e6297fb761bebcbde
-
SHA512
d3ae67cb6e016aef33c9f40184e4319c0589d5894bced0007cf6a9da8f983f1604e307420f193a8e27c645ba99ce457689b89639845acfd2e9af8c4ab5f9b403
-
SSDEEP
24576:Iyxw7cqfpuOikuYIwABfbtKG4rgTY4llNPHCgV:Pxw7ZfpuOiVp5ug84lz
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detect Mystic stealer payload
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
Mystic
Mystic is an infostealer written in C++.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
32de0993bcf732baddd380146e8009f4e004108cb7883b6e48fcbc5c9e48ca1e
-
Size
1.2MB
-
MD5
3cd4c28fa62c0cf93bf3eca5ef90e439
-
SHA1
c6e956a087f43a24e4d6cf421a78b5671e9213b7
-
SHA256
32de0993bcf732baddd380146e8009f4e004108cb7883b6e48fcbc5c9e48ca1e
-
SHA512
46a98da1e17c64052fa36ea544a8e8cfdd9b67735d441fc00c3b4917299393fceee61f61a1e024a0d0d375800d929e837c47099a8425d010b07d1353a4b7fec6
-
SSDEEP
24576:PyeumwYs4AEjgXoSz+CGOOFmYWmZetNk84ps1Yu812Y:agZJaSCGOO1J3
Score10/10-
Detect Mystic stealer payload
-
Mystic
Mystic is an infostealer written in C++.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
47583004588b256f019d58b713a937997ecef0edd4d8392a3f8836dedd537bca
-
Size
390KB
-
MD5
884ec979915eef9e2e2725c4c65bd518
-
SHA1
8281dad3097c3de6bf99cd110ca3ee5d78e1b59a
-
SHA256
47583004588b256f019d58b713a937997ecef0edd4d8392a3f8836dedd537bca
-
SHA512
10973a255a48dcc9f7163f4566df9ca22c6e9b81784cdeb55635f4ffa9d2ddbb5b72e249df14659ac3be08a3bc63a9ea2d4719d5c9229812ebeca16057148e0d
-
SSDEEP
6144:Kdy+bnr+Dp0yN90QEJ2idfN6KTq618RPAlxSym7Ak86GwS0myABh4uC03f14oy5:DMrTy901dTqo8RPmGc6BS0ubNG
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
58fadac0148f4700691a27abba4e41a0df870120ca131083c61a9404cf59cd99
-
Size
277KB
-
MD5
a34f98dd943b8cccb2f645b07d52ca76
-
SHA1
7883bc8dd3e33c9d96fe217aa46a09c1b0e3d605
-
SHA256
58fadac0148f4700691a27abba4e41a0df870120ca131083c61a9404cf59cd99
-
SHA512
00ee5bd0c09a349cab2b8589db5582d52b8d7b58036508bc65359f376bfd4d808478daf33eb8735ec09c8a7aa2d1b962c36e0e77940a24463378939096c9a041
-
SSDEEP
6144:KIy+bnr+Gp0yN90QEiILYVudMMgcemAPMinb7ZtaFS:kMray90QIUVumMgcrAPMinuFS
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
5bcb59af1e8fdc9fb69507e4637417a278a508a73a46fcb1cb6472bf434d61c1
-
Size
384KB
-
MD5
190bef0663a721c5e8bc20980b68cd2f
-
SHA1
7551af14cb75848354f0631832922793f899100f
-
SHA256
5bcb59af1e8fdc9fb69507e4637417a278a508a73a46fcb1cb6472bf434d61c1
-
SHA512
70df77bdbed9131cf91d1d3073d9d04a13a05ffe40fca1238886b94f79a8e451fa4fa88261110f472e0d00ffbe30ef96bbee7ab8dc701b5507b331edbe552186
-
SSDEEP
6144:K/y+bnr+Lp0yN90QEDwrqnDMxPzT2mpdT6Mpuf5gRn1mdtk+NIWo7qZkx:JMrTy90Mqn4BTvrmMoK5IIWo7C6
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Modifies Windows Defender Real-time Protection settings
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
6e55f3939c54789579d9edaea7a64558acfd0452671c75dec280d3967cee4b05
-
Size
604KB
-
MD5
59dce709730f2f2ade77ccbf09dbfdc3
-
SHA1
faff86182c2b5610795196c4e42c1ff3bf5c1bb4
-
SHA256
6e55f3939c54789579d9edaea7a64558acfd0452671c75dec280d3967cee4b05
-
SHA512
2df0843fafdfaf2db5adf8c195ba9c2eac261baa19eb7dfa6add046bba2a260298becd9185d367e2bfc363abc69ff2115f803a51665cadcd40185cb6c7af4cbb
-
SSDEEP
12288:wMrgy90uzPFjPfRl6Ki8tBpNAol1+4p8pC49FN5z0NfUMHOKCjw:Ay3FjRIKim7N54gAV9FN10NfrH
Score10/10-
Detect Mystic stealer payload
-
Mystic
Mystic is an infostealer written in C++.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
-
-
Target
7974488bc67afaac8d23b7341dc9f5768ae9f7551986b8176038e4384fade015
-
Size
430KB
-
MD5
0f6e4957b21205acdba137d49309cbe0
-
SHA1
9ebf7a5cf45f9171f36df9f46038512e6856a7b3
-
SHA256
7974488bc67afaac8d23b7341dc9f5768ae9f7551986b8176038e4384fade015
-
SHA512
52047a008295322c22a308772256b16221ed2c8556b8e85bfffb275a9a00879cb81b092f9652037d9e79e79bec64881fbc8d8630e9260bc9e664e4e713e459ca
-
SSDEEP
12288:AMrey901WT4iQGvoin9GqfDfJoTBLrt4zC8Z:uy+QgG7b7xogew
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
835316bac6a8889d99c5d6d8e4efcab2f58dca79af1177a540dfd6310524959f
-
Size
599KB
-
MD5
2c0f12a16c5557637034be9edc7d59e6
-
SHA1
fc945d05e845c02ef3613d7e696e483d4581d666
-
SHA256
835316bac6a8889d99c5d6d8e4efcab2f58dca79af1177a540dfd6310524959f
-
SHA512
57b4c1e7f6ab424990f38636454e3109bf147259ad20e6ed126a90601dbfd85cddbbdfe446ac19d09600b5f87e646422427bc976ca09064cdccb0b0992fc4d0a
-
SSDEEP
12288:5MrPy90N74Xvv/J8dGNDOsAa78nLSzgX56hQY4fgrCs6Fq:yy/39NDlcLzp6uY4ibl
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
9e24511e4ae502d0fa4c07e62872ab93857f9a90cc4305ad201c665bb7dabb1c
-
Size
234KB
-
MD5
e14603803b359a6fa6e60271b0a476bb
-
SHA1
fcbd3ab6862e4276e0b0dab08a1228a5fd9976c6
-
SHA256
9e24511e4ae502d0fa4c07e62872ab93857f9a90cc4305ad201c665bb7dabb1c
-
SHA512
56e8eafa7b30cef5447cb01ad89883541378dd361fb3e0c5c271ec67a8fd8ad549ff85505e2606396ef9e9453266d418fe503c340ae536c1fd05dcf0f0861450
-
SSDEEP
3072:Khy+bnr+O105GWp1icKAArDZz4N9GhbkrNEk1lcobU3btQutRCIuN75Xo4A+eUoD:Khy+bnr+Xp0yN90QEvbiPXQ
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
a9634fd1ba8044a7eab6578eb584c6d9fb03ce50d998b0cd9babf4950e75e22f
-
Size
942KB
-
MD5
3fdc937eceb5ad2ecf4e396a6ead0c62
-
SHA1
cd9e91ec3f83c7d87289790c0bc6e52b795bae18
-
SHA256
a9634fd1ba8044a7eab6578eb584c6d9fb03ce50d998b0cd9babf4950e75e22f
-
SHA512
66a3f34db4b616e1a77cc3052064b65edb1154c2c993dc13da19304d15c9144ca295d993b1642f3ecc61154d7955e312b0ff75d94a53df4859dd75162cd8d8c5
-
SSDEEP
12288:/MrIy90QpDWElKUjKE+QJ8yjQ/+8iDpvZeqkR+O4Sml3+nujijjorQRLtIHZQU5F:fy7sUj3+QT8xupsNKlQyijRthY
Score10/10-
Detect Mystic stealer payload
-
Mystic
Mystic is an infostealer written in C++.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
c1f424012a2d01ca458f9aa1aee9cfff75d79a0d7398ed9d13463a386f0c9297
-
Size
827KB
-
MD5
bfa4cf5f2fd81a32cb9ef83232c720a5
-
SHA1
d51afc3ae1d52a7180f052e30b50fbd49041e4db
-
SHA256
c1f424012a2d01ca458f9aa1aee9cfff75d79a0d7398ed9d13463a386f0c9297
-
SHA512
d711132e94eadb471557ed27b962e92e32591aea3e22cbd74207c092da2a55307f0482b8ed711033c4b7213f0c420f78d6f0fb84cdb8eeb8ee5da42997fc2f04
-
SSDEEP
24576:Yy6WNyEwY8oqPgx/7Qf5kGeLUKhO5U1J9CzyfsO:f6uyEP8oqYx/Uf58PCef
Score10/10-
Detect Mystic stealer payload
-
Mystic
Mystic is an infostealer written in C++.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
d73983a05531434ce8059cbecd66902874ebb8b890a3d571cf7d1a5b9808c76c
-
Size
1.2MB
-
MD5
7c470fc200e97e4dbe58df22d2b3b0ae
-
SHA1
a82caca7cf70347719d24a83a1a4f0964af3934b
-
SHA256
d73983a05531434ce8059cbecd66902874ebb8b890a3d571cf7d1a5b9808c76c
-
SHA512
a32dc2628bd6887040ce6b529705cc33f58814a03b2bc7ef232f98f3a0239762c58d0c54e97eaa890ab7b4adc372d08f68b80bedbe1f39c552bea97e480d4f91
-
SSDEEP
24576:4ymuTV0Vt0N93LcJod7N0KatjE5qkZgN4jlP32O8LmBWvfa4D:/xiV83LJ50KatjEQ0gNwVYLj
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detect Mystic stealer payload
-
Mystic
Mystic is an infostealer written in C++.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
-
-
Target
d7acd7c73cc74a8d699adc50bd3fd6a4f7a58beba960ec5bd429c4ad058a65c4
-
Size
1.2MB
-
MD5
3a0fe7ce9450be4b5bb42e4c14219604
-
SHA1
0e87821c332e7ec4d4246910cf2ab038a27c8190
-
SHA256
d7acd7c73cc74a8d699adc50bd3fd6a4f7a58beba960ec5bd429c4ad058a65c4
-
SHA512
f87ac3817d4632c1a19d44c19f78559e05f225a1a3ed825cf111a748c2c22579a8f3ce779e72515ee003225c67136fc0ae6a14a3e3db4eabce431d7a31531c26
-
SSDEEP
24576:cyrIFhvmG72UKcEU30Bng11IGcgolGKjFcqPHtxz5Cg8/cQb5NF:LrIF1mGaUKcEUEBncy9R1jGq/7ica5
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
-
-
Target
e7a1c6bd3aba15347d3f975781da052144282ff4be210a7d47fa919718a09d74
-
Size
942KB
-
MD5
bba52e4949076e23493f303121140f12
-
SHA1
68fac8b6f4abca233af3fe66f8f956137d7e8bda
-
SHA256
e7a1c6bd3aba15347d3f975781da052144282ff4be210a7d47fa919718a09d74
-
SHA512
72bc8de3843e7100720b604e3156fe884f8f2b4a02d2c5b9b01c61caf6d1339b012ae339625e2032eeae6ef8bb90dcf6f87368830e193a3e6adb5b13efcb0911
-
SSDEEP
12288:1MrWy90qwwTA4eeGo83wqmLwhZ+tRnJlDXKmmp2zWuc+UNd0+u3zDOB2KtEJ4N6l:zyT/4PmsrgjlDXMoWD/gD3V40g088x
Score10/10-
Detect Mystic stealer payload
-
Mystic
Mystic is an infostealer written in C++.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
e9a8b4bb4dd37e699485236af8b9f652f2d7a93c83e9ce906ac2e6ffe1fb5e42
-
Size
954KB
-
MD5
b65641f23eead5be7a64228632048588
-
SHA1
25ec492c675c5f9178e22fe9987de28188932252
-
SHA256
e9a8b4bb4dd37e699485236af8b9f652f2d7a93c83e9ce906ac2e6ffe1fb5e42
-
SHA512
b41516ed28383054bbd9e89868a8294317ca6b6ff4ff4ca5769246a6e9ad3b87e7f9b3f6ef0b03ec650723e5454d1db809357b875243bf273071d97eea71b2bb
-
SSDEEP
24576:HyHsLsUsIRbO+L/PSIR9CX/1HKxCJKglO:S7UsadLU/1nJ
Score10/10-
Detect Mystic stealer payload
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
Mystic
Mystic is an infostealer written in C++.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Boot or Logon Autostart Execution
20Registry Run Keys / Startup Folder
20Scheduled Task/Job
12Create or Modify System Process
11Windows Service
11Privilege Escalation
Boot or Logon Autostart Execution
20Registry Run Keys / Startup Folder
20Scheduled Task/Job
12Create or Modify System Process
11Windows Service
11