Overview
overview
10Static
static
3169827445a...fd.exe
windows10-2004-x64
102c5911fd0a...9f.exe
windows10-2004-x64
103d26ff1c7f...6f.exe
windows10-2004-x64
104316c9cb7f...d5.exe
windows10-2004-x64
10453554affb...f6.exe
windows10-2004-x64
104be48036db...87.exe
windows10-2004-x64
106843058b07...7b.exe
windows10-2004-x64
106ab7739b7f...d6.exe
windows10-2004-x64
10741b5d1728...11.exe
windows10-2004-x64
107dbaeca4ac...3f.exe
windows7-x64
107dbaeca4ac...3f.exe
windows10-2004-x64
10889f2baa64...76.exe
windows10-2004-x64
1092288ddafe...85.exe
windows10-2004-x64
109697ffb24d...50.exe
windows10-2004-x64
10abd0fa453e...b8.exe
windows10-2004-x64
10b28f0b1322...38.exe
windows10-2004-x64
10d89a055085...df.exe
windows10-2004-x64
10db77a8c068...dc.exe
windows7-x64
10db77a8c068...dc.exe
windows10-2004-x64
10e00e311d45...53.exe
windows10-2004-x64
10e0990290e3...28.exe
windows10-2004-x64
10fedbb32d49...4c.exe
windows10-2004-x64
10General
-
Target
b0707ded6960936877cf4a2a4a5a7191894ea5c19ee70296e7004b5431f5044e
-
Size
19.8MB
-
Sample
240523-l22pdscf42
-
MD5
7372914225f6a9fefb6c9f824bce934b
-
SHA1
60ca200155a154c76bd419590d2976962f25ea48
-
SHA256
b0707ded6960936877cf4a2a4a5a7191894ea5c19ee70296e7004b5431f5044e
-
SHA512
d8fc673fdacd756b2d81f14d71724c7be716ad2bd7618a5ebe6806e58970f0cd0cb073df898e584dc4bbce6befdbded05d6577c3bd25c6893a0f5763698ab8cb
-
SSDEEP
393216:I352sY9EAvP6+7PPHyp0d68qI0XaKGF1bT9ZhXiw9hq:+dcF7PPHypTtIghGF9V39M
Static task
static1
Behavioral task
behavioral1
Sample
169827445a78f6e1cde6f851fe18dbe8b5850a2768cb303f453ceaacfe59d6fd.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral2
Sample
2c5911fd0a616aa00118b87a5216b4c3312dd590b4988b62bf0651b91fc5b29f.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral3
Sample
3d26ff1c7f2a98b2c2c03ddc43bd17ad629931d425986a46cb7ba3ef54b1ba6f.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral4
Sample
4316c9cb7f9e1a073313300df45a90e9457dec01ec27e4f7c9725091247276d5.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral5
Sample
453554affb4477ef1397310265a6a90ae0953e5bca58d9b7b98e7323e7cccdf6.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral6
Sample
4be48036db804507d4009d7d5ef56ad2feeb011ce624c73eef68521a4acf1687.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral7
Sample
6843058b079dbc0a22ff6542bd36408373534e51519828b2e5059a1c3a0a837b.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral8
Sample
6ab7739b7f0b5cc84bf55cd6f09beb3d4860ec6428202c54e8e023161020c8d6.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral9
Sample
741b5d17281b7e19ee8dd529a91b547c0bdf8938c84539f745ec882d49373311.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral10
Sample
7dbaeca4ac219449e315df2bb20e786dfc5c304cb5d522d6e15619a91276ba3f.exe
Resource
win7-20240220-en
Behavioral task
behavioral11
Sample
7dbaeca4ac219449e315df2bb20e786dfc5c304cb5d522d6e15619a91276ba3f.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral12
Sample
889f2baa640211bf12947cfab6157ff93a774d0b4ed9568df0eb65952cedf576.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral13
Sample
92288ddafeaa0f77357b90005f63961458788f6cd7af44be378bd1de6a725c85.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral14
Sample
9697ffb24dfe38f4a40e3cf91464543c6f5a47170c56b58a949e1a93ab9df050.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral15
Sample
abd0fa453ed59d06e5c3d6cbafe873f404a47cab8f3c4bcd545fdfa7491ff4b8.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral16
Sample
b28f0b13221fc5aaa297029cc7c28a22c5b5dfe8aa6626036342ae0b862d8838.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral17
Sample
d89a0550853b7067190a4816c540a6838fc7703bf9df0665fc491c92feb72adf.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral18
Sample
db77a8c0688fc65498578d6fb53ea4154ece1d8d958e3b911f81835c8aa908dc.exe
Resource
win7-20240221-en
Behavioral task
behavioral19
Sample
db77a8c0688fc65498578d6fb53ea4154ece1d8d958e3b911f81835c8aa908dc.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral20
Sample
e00e311d4566f8b67392f945545d0e1ea579af2fa76c416042196eea3ca75753.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral21
Sample
e0990290e38dc94b3c6a8bd8d028c230706f11717bdc17beb40d9a73dcfb2628.exe
Resource
win10v2004-20240426-en
Malware Config
Extracted
redline
supera
77.91.124.82:19071
Extracted
redline
darts
77.91.124.82:19071
-
auth_value
3c8818da7045365845f15ec0946ebf11
Extracted
redline
kinza
77.91.124.86:19084
Extracted
redline
grome
77.91.124.86:19084
Extracted
amadey
3.89
04d170
http://77.91.124.1
-
install_dir
fefffe8cea
-
install_file
explothe.exe
-
strings_key
36a96139c1118a354edf72b1080d4b2f
-
url_paths
/theme/index.php
Extracted
smokeloader
2022
http://77.91.68.29/fks/
Extracted
redline
kendo
77.91.124.82:19071
-
auth_value
5a22a881561d49941415902859b51f14
Extracted
amadey
3.87
59b440
http://77.91.68.18
-
install_dir
b40d11255d
-
install_file
saves.exe
-
strings_key
fa622dfc42544927a6471829ee1fa9fe
-
url_paths
/nice/index.php
Extracted
redline
mrak
77.91.124.82:19071
-
auth_value
7d9a335ab5dfd42d374867c96fe25302
Extracted
redline
plost
77.91.124.86:19084
Targets
-
-
Target
169827445a78f6e1cde6f851fe18dbe8b5850a2768cb303f453ceaacfe59d6fd
-
Size
1.1MB
-
MD5
fb7f64bb0a4554798853318043392040
-
SHA1
4c81df15636106a1cedc43f0435443c9b1547f2e
-
SHA256
169827445a78f6e1cde6f851fe18dbe8b5850a2768cb303f453ceaacfe59d6fd
-
SHA512
56028f73d5d98c0915462996be04b5a7ebdffbbb7188618e2ec2825ebe0b95cfa1b1fc36192b0ca6af9a60b15e285d515c4c91398d0e5bd45241c7d3ff41cbe0
-
SSDEEP
24576:cy1c2oUIaB6nHyAA91U3UyIXZdYnVFrNcnoKfaxBS1SAE:L1mUpDt92nlqnLynSUA
-
Detect Mystic stealer payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
2c5911fd0a616aa00118b87a5216b4c3312dd590b4988b62bf0651b91fc5b29f
-
Size
1.5MB
-
MD5
b61170f2b227f99ed0257b938906f686
-
SHA1
f6a839a52f0af527b1ae2a4b37946941b18da532
-
SHA256
2c5911fd0a616aa00118b87a5216b4c3312dd590b4988b62bf0651b91fc5b29f
-
SHA512
97ba944bc336d05f72362828c87f6101ffd639d8edf47d52e94648396a5075b771dfd46bdfc5347a911460647d4d10eb91032d848374e21b53341a1f1ad86c94
-
SSDEEP
24576:Ey0Xn/cq0cXV5RSiGOQqZFoZiQVrRmG47oeQBVx6WolM2y32bRu9MzkWfB0yxNlV:T0UwXVuHOvmRr48eQV6Woy52bR0ikgXN
Score10/10-
Detect Mystic stealer payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
3d26ff1c7f2a98b2c2c03ddc43bd17ad629931d425986a46cb7ba3ef54b1ba6f
-
Size
762KB
-
MD5
11df01e82b58f1a3d8a5c62a401219b7
-
SHA1
2773e63a84277c066dcc19d137ee8ead40b0f425
-
SHA256
3d26ff1c7f2a98b2c2c03ddc43bd17ad629931d425986a46cb7ba3ef54b1ba6f
-
SHA512
31bcc0b35d3b233e2492d8b926faf5e0125759c25d4e31ad856f18ece1b8f5f9f227318243e2073fa0e9c2a8446975e74e4353fe0c62421205112f39c5b04042
-
SSDEEP
12288:1MrEy90prXEjmnceU42eTQuYz2IQKg232Jmx95wb4g5AhQVO3f92BiU/oD45f1Uy:Jy+DXce326QuYCF2emxPwb4oAhEOv9oT
Score10/10-
Detect Mystic stealer payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
4316c9cb7f9e1a073313300df45a90e9457dec01ec27e4f7c9725091247276d5
-
Size
1.3MB
-
MD5
546b638f06657955666299dcead4ea56
-
SHA1
6714be04f61627cde0ce56ea6da5dac844faa55a
-
SHA256
4316c9cb7f9e1a073313300df45a90e9457dec01ec27e4f7c9725091247276d5
-
SHA512
4a1896a72963c9931520ca4365f8d5e31bd9644562218ea6d5866ca6fb8f8923e4291752c35c255879212aa33a4dd64caa274e019dbe6144bd9f2e911c0096d5
-
SSDEEP
24576:5yJYHB+O7bfYoN2SO7/OKvsCQnP93Q7tlI2zhFaa5YjBDcP9p3BsdP3l56/9:sJa7bMSObOKvsCQ1AZljtFaZDc3eP15C
-
Detect Mystic stealer payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
-
-
Target
453554affb4477ef1397310265a6a90ae0953e5bca58d9b7b98e7323e7cccdf6
-
Size
1.3MB
-
MD5
c9fecce5ddbbb4c08036eb804806585a
-
SHA1
de118ddb2f2b644a73e314d1bfc9ff777b84c41c
-
SHA256
453554affb4477ef1397310265a6a90ae0953e5bca58d9b7b98e7323e7cccdf6
-
SHA512
59be1a656c71b2dd3a2891a6b27e842f808074dffdd1b954d0ee781bab2183b048263e9381489223d97e74aff6cd8bfa825cab657c4b9aa9eba9d7f8d234faff
-
SSDEEP
24576:Iydmfk80iPrZsm2S05doZXri0tAnA+dzNpm5uQVMsi0:Pyk4ZPCU1And58pp
Score10/10-
Detect Mystic stealer payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
4be48036db804507d4009d7d5ef56ad2feeb011ce624c73eef68521a4acf1687
-
Size
476KB
-
MD5
1f97ceddfda581c9ec60046f75303998
-
SHA1
46877392054ca0be8a14c4e1d9b3d29e07207dab
-
SHA256
4be48036db804507d4009d7d5ef56ad2feeb011ce624c73eef68521a4acf1687
-
SHA512
fa8de06624492e47336c1df59269b2ce95aa73016f75f50514bc8e7d72d5fd3d453cb9af4b4a7673b91f3582b5ac639f264f674de11beb0cec2535f66a9ae076
-
SSDEEP
6144:Kzy+bnr+up0yN90QE8nNKUZvdbWjVJGZ0KbFOfs/jfh3Q+KRFgEXtaBv7+hKBfsR:FMr+y90WnrFz75g+KRuEXYp7nBfBp45
-
Detect Mystic stealer payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
-
-
Target
6843058b079dbc0a22ff6542bd36408373534e51519828b2e5059a1c3a0a837b
-
Size
755KB
-
MD5
6e2b42c5af81be00ce089c6402751459
-
SHA1
e87e49393955166a1f1b1e3882b77d51085c2a8f
-
SHA256
6843058b079dbc0a22ff6542bd36408373534e51519828b2e5059a1c3a0a837b
-
SHA512
01149b34aaece48cdd430dc8c2a66907d3fb1580088718b2e80c783b8e9030c5c83cfa4b3c239ff0c68a7e5f465c173a0c93b6d32b311ac950369f157d775092
-
SSDEEP
12288:kMr4y90irAsuxGEW8QklzHVZOGhYZkqfzYiWW9rHZuU/kFuFadflBRX9gCemkfBL:0yNjCCkl7zY9LYR+bZuSKdTgCeLZLGrI
Score10/10-
Detect Mystic stealer payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
6ab7739b7f0b5cc84bf55cd6f09beb3d4860ec6428202c54e8e023161020c8d6
-
Size
759KB
-
MD5
b69c615e91840a82076fe1dc0175cd5c
-
SHA1
bb23d10b27c9fb45af61d9414f31944bbfd6d62b
-
SHA256
6ab7739b7f0b5cc84bf55cd6f09beb3d4860ec6428202c54e8e023161020c8d6
-
SHA512
5a4aa247c3bb6167c03c050c2899f8a669c3835a93ee16509dfbeb2f06eae38b4cec1e3c8a5efc65e8df2eba665c1f42b85b192edd3fb2f7d1ce43761d134c90
-
SSDEEP
12288:4MrMy90OPICz9hQnKZKC5Z7O9mpz53ClrunebLXR0prExFgUI24a211bt:kyrPJQKZKC5ZCkz5SRunebLB0p3UH4ao
Score10/10-
Detect Mystic stealer payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
741b5d17281b7e19ee8dd529a91b547c0bdf8938c84539f745ec882d49373311
-
Size
1.6MB
-
MD5
1024fec3b2cca2d8731fc254914a59fb
-
SHA1
45d91a792f85805515fee405c53b9981ce67fe22
-
SHA256
741b5d17281b7e19ee8dd529a91b547c0bdf8938c84539f745ec882d49373311
-
SHA512
f3aac832937c04a62f2663dfd94be4a9645fb22b522c2711cffb8e9bf91630a9f128cb26b957db21225cc88f45c093cc054ebdb2ec67e47fa5b434ce3aa915ce
-
SSDEEP
49152:5iYBtU/Vq+vgnB79J3elmGO/mvUkk3R9PvS:RBtU1vgB7b3TGOuveR9S
-
Detect Mystic stealer payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
7dbaeca4ac219449e315df2bb20e786dfc5c304cb5d522d6e15619a91276ba3f
-
Size
398KB
-
MD5
d8f765c09c4b7ccdee780360b63a449b
-
SHA1
064dbe7139eed5510ecc24a0893b7e02418c4a01
-
SHA256
7dbaeca4ac219449e315df2bb20e786dfc5c304cb5d522d6e15619a91276ba3f
-
SHA512
f26497744246d6621b72abd70e8e3637026ff6bddf535eaf752834b739390aa4e6dfd830ab66ee429516e264f569f8b1822ad3fc6ab1d5ac6011c008a782a2cd
-
SSDEEP
12288:guiSWLTVm+lfvADXLo/JHIHFtocDtM+avbiwaQGC6:gsWNcP
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Suspicious use of SetThreadContext
-
-
-
Target
889f2baa640211bf12947cfab6157ff93a774d0b4ed9568df0eb65952cedf576
-
Size
759KB
-
MD5
05e9b1e9e4a45d3390b5b633daa40716
-
SHA1
5829febba902de0be9afd3b3319f941e639ce8a9
-
SHA256
889f2baa640211bf12947cfab6157ff93a774d0b4ed9568df0eb65952cedf576
-
SHA512
5f55a5e74477426919414c3a969cd406788e58d75a4e9eb88876e5ebf331f9760129550a9fc65278581b587f993464cd4df1caad9982aea22a7d4b8f160ec4c7
-
SSDEEP
12288:dMrJy90gMXNMpwN+kHclWLslLMQcwPEH+J3sb4zTnvcgv7:oyRaOlCsqQcw5J3waDvlv7
Score10/10-
Detect Mystic stealer payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
92288ddafeaa0f77357b90005f63961458788f6cd7af44be378bd1de6a725c85
-
Size
1.5MB
-
MD5
425c8308ba915888c763598588323ac2
-
SHA1
9410ce870c4ce520e471918f4aae9483b41c6b07
-
SHA256
92288ddafeaa0f77357b90005f63961458788f6cd7af44be378bd1de6a725c85
-
SHA512
01ab83ce85b80e525c78b09b80092154fb7546340e848706e1ca2d4133b41e04725bbca849fa5c2c1e9eab4fbcf2a181e2eb86a7e8d5ec190f1caf25da3a7436
-
SSDEEP
24576:ZyRdA6tQPlsQxiyNcQwRZxDbV8Gubb2XY04aiWWcREuLBu1uAhzOkZ86+Hy:MRdAHlsQxiMwfRJ8Gkw4HtYBu1ucCy8n
Score10/10-
Detect Mystic stealer payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
9697ffb24dfe38f4a40e3cf91464543c6f5a47170c56b58a949e1a93ab9df050
-
Size
1.5MB
-
MD5
5b1b2dc80e055c1f9326a1559bde65a6
-
SHA1
ea89222071ba275583438c34bf4b4f8b3158f798
-
SHA256
9697ffb24dfe38f4a40e3cf91464543c6f5a47170c56b58a949e1a93ab9df050
-
SHA512
ebf613b3bedd1f9bb5db26415f70a35cbd03b5fd1ee0e7e1365802e39d434c8fa3324141c835ef2d0edbf47bb5e74413a1bf4f33e61148a577b082c454e31580
-
SSDEEP
24576:NyxMR3S1glDa50/SVv/sSf/D+JqaiuzDNV3vhwc9w8//Pkaku0bLYYddc8z:oOrlLSVvUSfyQuznpw0/cRbTQ
Score10/10-
Detect Mystic stealer payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
abd0fa453ed59d06e5c3d6cbafe873f404a47cab8f3c4bcd545fdfa7491ff4b8
-
Size
1.5MB
-
MD5
090c442ab1c3527cff4f2f6ecf5ff0ee
-
SHA1
b13d5874fdf1f09157903266f073595f3f963ed8
-
SHA256
abd0fa453ed59d06e5c3d6cbafe873f404a47cab8f3c4bcd545fdfa7491ff4b8
-
SHA512
a8c7cb90924db8e02d9e318706b8de9473fd1d0d90cf5aa2b6bc7f010267d1d16a837bda18ca2be90fa4b615a928b8ad6ef81c7973e3e7919dc79b19709c2720
-
SSDEEP
24576:4yP5FFcI1Vh7epXc+McyzpMXAVF18geTZ/hoFM4ewM269QDTExGMsP71:/P58IJ4rMcMiXAVoIFMI/C+IxG
-
Detect Mystic stealer payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
b28f0b13221fc5aaa297029cc7c28a22c5b5dfe8aa6626036342ae0b862d8838
-
Size
761KB
-
MD5
b2dcabdfbf8b456e5d150752dcba2f53
-
SHA1
debe493dcb0e8abf0d6a4ede1ba178e5b0d8480f
-
SHA256
b28f0b13221fc5aaa297029cc7c28a22c5b5dfe8aa6626036342ae0b862d8838
-
SHA512
cedb134c0df27cd1a8e3736aa7f69fd9ea4241e250d87e7d8c978fa0e0c73d7c2e88cd021532bfdae6337b14d007331d6eaac3bdf18b0eef632ef24dfc15a165
-
SSDEEP
12288:wMrHy90cZo8wMkIK5vUBkYMH/v5+up8vhe8OPKQa6CDD4KQ2/XVu08zEQw5AI9cM:nynxb1K58qKE8vjPQa6I7fKA9cFu3
Score10/10-
Detect Mystic stealer payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
d89a0550853b7067190a4816c540a6838fc7703bf9df0665fc491c92feb72adf
-
Size
1.5MB
-
MD5
e0838331cb44293a79942554f0e84be8
-
SHA1
3337c90644f3abd2097d4f64605500f902e7c1e5
-
SHA256
d89a0550853b7067190a4816c540a6838fc7703bf9df0665fc491c92feb72adf
-
SHA512
d66c8e738b7a8a6115fe2973778380aab22f7f57f5365c2e8a4f3de5205ab09f42ea6a0f33eb91414bed617e568bdbbe4cda1ececf437c1e2f45d03cce64d991
-
SSDEEP
24576:EyUZ5lFEBJT1rKp9725NozE/LY0is+KPwqih27rCy/ZkEJXqgJiqUTLw4OCTbsDf:TC5PEBJT1rK+5NozEDYvdh23hkeTiJ/D
Score10/10-
Detect Mystic stealer payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
db77a8c0688fc65498578d6fb53ea4154ece1d8d958e3b911f81835c8aa908dc
-
Size
269KB
-
MD5
7ec5ca4d34f4e800463edf4efb264e9f
-
SHA1
ff0a96b1b3e5f28a9fd9a288c5f6f65e1b1f26fa
-
SHA256
db77a8c0688fc65498578d6fb53ea4154ece1d8d958e3b911f81835c8aa908dc
-
SHA512
419570d3ff5e58ef4d2fceaeb9ea2135d5b6e9835cc74bdedd0e9690fe7f5182db53fd5a0aad174ad2a8dd7a3a8bbd83e925fdae522cff8b89977818a04eab3d
-
SSDEEP
3072:bQTHC0ctZI6461YHBe6Itf1/iTY6ce6pn++RcNLkBHgDK6gpRnUuEeAg0FujDFzP:bQFctlMQMY6Vo++E0R6gFAOp9Z+g35
Score10/10-
Suspicious use of SetThreadContext
-
-
-
Target
e00e311d4566f8b67392f945545d0e1ea579af2fa76c416042196eea3ca75753
-
Size
1.5MB
-
MD5
7964cb5a97e62e57f61be66176a87389
-
SHA1
1c334b41b699bd6252712e511f7304c081dce0fa
-
SHA256
e00e311d4566f8b67392f945545d0e1ea579af2fa76c416042196eea3ca75753
-
SHA512
5391152d80f48d68120f3a37018e764eca765db51766b5d7067927447fe915983e297b01da9fb9eb873a3e041d8f025c87396375ef4c49ca06c7c9364d6a8fd0
-
SSDEEP
24576:qyp47I/ToqZ/x8ezGGzzGuosA5Kfx1XZ5MgOVRjS5GECHcPB5KYPEyqfrm2fgNJ2:xp48z/u6jGu2Ap1XZ5LKTEAcPWYcyef8
Score10/10-
Detect Mystic stealer payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
e0990290e38dc94b3c6a8bd8d028c230706f11717bdc17beb40d9a73dcfb2628
-
Size
761KB
-
MD5
06138684c4b8c192821da39e5acca07a
-
SHA1
e58549604d1d468fea175b8db2482018af6a7372
-
SHA256
e0990290e38dc94b3c6a8bd8d028c230706f11717bdc17beb40d9a73dcfb2628
-
SHA512
17c066953b74e0e7b5d284a2fe25cc2d7cc490104432b6c9da0dbbdd0f6be99b3d8338ad042828382ca09acd2156db1ec988feeab9ac2b25dc3496468ae93de1
-
SSDEEP
12288:GMrgy90DKILFwj2MGzpceuIBL3yUXyL5xfekP8zp6BltXY7LiELUWZxykBSG7:Wy/o4fGzuetB7dXydVeg89Ko7cQykoO
Score10/10-
Detect Mystic stealer payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
fedbb32d49ceadba3f4f54639ae2d48c963ae6599b439f9922f20fc96716e84c
-
Size
1.2MB
-
MD5
76094730492ea88d8299d508bf86a603
-
SHA1
4f10b858908e81198486c5489cf4ba3c3ee6006f
-
SHA256
fedbb32d49ceadba3f4f54639ae2d48c963ae6599b439f9922f20fc96716e84c
-
SHA512
3aa8fca996bf4e116426e2cc961e19c26925a6c5546ab8f04b088939b6ee9992ebcebe7fa691cb75c5644de478a8fa78ca1191c8d33c5e7302cc02b4c3a8e46a
-
SSDEEP
24576:Dy31TXXKWNRn6cKMGelRndJzjO1O0k2WGtwSHo:WxnKWNR6jO61OT2WGt5H
-
Detect Mystic stealer payload
-
Detects Healer an antivirus disabler dropper
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1Scheduled Task/Job
1