General
-
Target
r.zip
-
Size
15.9MB
-
Sample
240523-l4s52acf94
-
MD5
a331f4eaae0d01aed37cf4aa4d9e9094
-
SHA1
51abc36d3d655e57bf8a1b0f852e918cc8dcb4bb
-
SHA256
914615fc2a86a1a3aa8a108084dd30cc54e8b935b2f14f7def84c51a049c95c2
-
SHA512
ed14cdc0c13098acda433782cddd3e6939817b183cab0fa764af2df9b5c0a8c8f1ea961f676ab0269849ad7f4cffacb007d3545d5ce119ebd2c7534933b75988
-
SSDEEP
393216:L2BJHquvYyrlb7kjlHxeqYbtXjKz70vx8E4o:LSVgmoHxepa05N
Malware Config
Extracted
redline
kinza
77.91.124.86:19084
Extracted
redline
darts
77.91.124.82:19071
-
auth_value
3c8818da7045365845f15ec0946ebf11
Extracted
redline
kendo
77.91.124.82:19071
-
auth_value
5a22a881561d49941415902859b51f14
Extracted
redline
5195552529
https://pastebin.com/raw/NgsUAPya
Extracted
redline
gruha
77.91.124.55:19071
-
auth_value
2f4cf2e668a540e64775b27535cc6892
Extracted
amadey
3.89
04d170
http://77.91.124.1
-
install_dir
fefffe8cea
-
install_file
explothe.exe
-
strings_key
36a96139c1118a354edf72b1080d4b2f
-
url_paths
/theme/index.php
Extracted
amadey
3.89
daf753
http://77.91.68.78
-
install_dir
cb378487cf
-
install_file
legota.exe
-
strings_key
f3785cbeef2013b6724eed349fd316ba
-
url_paths
/help/index.php
Extracted
amadey
3.89
fb0fb8
http://77.91.68.52
-
install_dir
fefffe8cea
-
install_file
explonde.exe
-
strings_key
916aae73606d7a9e02a1d3b47c199688
-
url_paths
/mac/index.php
Extracted
redline
mrak
77.91.124.82:19071
-
auth_value
7d9a335ab5dfd42d374867c96fe25302
Targets
-
-
Target
09aa894ba7cc236be8d443f3b9222b92ba109fb13098306f60f3ef9f66388291
-
Size
273KB
-
MD5
e64cf6dcbc6261be92f487f641460daa
-
SHA1
8b1298a13b4507692fb1b9f703fd06705bd8cb43
-
SHA256
09aa894ba7cc236be8d443f3b9222b92ba109fb13098306f60f3ef9f66388291
-
SHA512
2837b8435c98fb4f7418ee83884df7ce9d835aac2c7f60be298dc3de95f412681148115a9d252db65709b9d2d9c2e301735975273f386be4acdec23968e56055
-
SSDEEP
6144:0/rM7xuP5m0WGhA76iGtmqQkSZMfP3Za6n:4M7xkeui45lBFn
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-
-
-
Target
0a8ac35e43f621292035c3d74429426db38475babb90b9f0a7b48a6eb9e2d121
-
Size
1.5MB
-
MD5
59fc8cbe85eea5b535f8eca6a62c03f2
-
SHA1
0034320cdbdd2bac620d09d21a0f220b1a0c0263
-
SHA256
0a8ac35e43f621292035c3d74429426db38475babb90b9f0a7b48a6eb9e2d121
-
SHA512
62e875521712cac7ae7f85d929351abff8c99a28dbb4738505aa6b57cb8c180166644242efcd8ae8eb1da2f7d625e662fb0566ab8722ca82e99923d58059e955
-
SSDEEP
24576:Ry8BfcUoLS0vkIbLVQ612kLK9clo0tZ0KtdWlkknNbHR4GzaEsALyNS9:EQoLSIualX0GdsWGzhsyB
Score10/10-
Detect Mystic stealer payload
-
Mystic
Mystic is an infostealer written in C++.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
1b7a61dc3f4d8e760c0fc26e93a4fdc49438eea43c70dc3927c7f99f2ab42d51
-
Size
646KB
-
MD5
e2db11b377767c7ba56c9431f36b58da
-
SHA1
3bec05b3db7568098f0f4bdcdb7d9d21ade87395
-
SHA256
1b7a61dc3f4d8e760c0fc26e93a4fdc49438eea43c70dc3927c7f99f2ab42d51
-
SHA512
c5ba5b4cdd5ceccd93d5f4a90145c31e907a8e7b3f4eafadfc5e1fa235f576031047302e94be9161f95e9ef1e006fa74b99bf4735336a85662a5fce79f3b6e1b
-
SSDEEP
12288:OMray90FFVjBHc0CmRuetVkt10YiPzUR0H7J0nT:gy6FVj2EuetVe1RE2T
Score10/10-
Detect Mystic stealer payload
-
Modifies Windows Defender Real-time Protection settings
-
Mystic
Mystic is an infostealer written in C++.
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
551b1eafcb4ad29033561c600fd2cd92b4dbcea53d7714de0fb1b61ceb59b6e2
-
Size
654KB
-
MD5
9c272f79e87f707049e2b3ea38d8d734
-
SHA1
40bc0a5098a2e0adc245cc661bbd1d9d2e98daf5
-
SHA256
551b1eafcb4ad29033561c600fd2cd92b4dbcea53d7714de0fb1b61ceb59b6e2
-
SHA512
4b4f35e7ad407e1ad1ab4a4964cace0a5eaefba576467b983fb54c0ec148187ce4a0ce37ffeaf77513874bebbfcaf7acb1a5822d72feb42be7ea56365ccfa840
-
SSDEEP
12288:9Mrhy906+U8HnIUUc16ItemCIDZM5u0Zfm8ixy/Y/xXB2uva:cybY71btbZM5X9nig/Y/n2uva
Score10/10-
Detect Mystic stealer payload
-
Modifies Windows Defender Real-time Protection settings
-
Mystic
Mystic is an infostealer written in C++.
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
7ca70af036250048ae92d2d5fde5b7a3179535a16c027d4f2bb5fa57b04f5550
-
Size
771KB
-
MD5
b30cea05e9971bf44079d9275d9c3866
-
SHA1
6128e742a8214ce0cbe781d0ef5f4961364f5e9f
-
SHA256
7ca70af036250048ae92d2d5fde5b7a3179535a16c027d4f2bb5fa57b04f5550
-
SHA512
8a2e8024173c18eec5ff053103eaa3c900608fa95096b1954aa0d1f91f7ff93825aae947ac0365294cf7ee5b76d3f1e42db8ae6a0c7b3d447b0da4831f6d3840
-
SSDEEP
12288:9MrFy90XSs/fQTufC4xTPzblZug8Q2HuCuIhVmIR5BMFfEMy2Gyu:AylsJdfHugQHuKjmc52aMyL
Score10/10-
Detect Mystic stealer payload
-
Mystic
Mystic is an infostealer written in C++.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
8744deeac7c3aff839db1009ce9ff2e37892105dcc730c203816f9be8df214a9
-
Size
721KB
-
MD5
9a26c20f51835cb007fdff0db4ce43cb
-
SHA1
d367a8eb9da2192c49270744ddea30989279ca92
-
SHA256
8744deeac7c3aff839db1009ce9ff2e37892105dcc730c203816f9be8df214a9
-
SHA512
1fb9ffb86556d6c4f1b32379322920583ceaa41829103982aa5f07f8b52782d7e7425f9433084825588727cda7a483c88cf8acda53a8ce8ee624a7ab3261d04d
-
SSDEEP
12288:CMr4y905oyLLefbcmB20yALGAUMUjeueJ9Sd6ufO2/HXdKsbiNBlFK9rB:6yXW0AnHAbhFDujNKsbiNJK9t
Score10/10-
Detect Mystic stealer payload
-
Modifies Windows Defender Real-time Protection settings
-
Mystic
Mystic is an infostealer written in C++.
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
8b831a9336cb726a32f32c055467a35735f51b643a2cbb5d4269348fd570bb51
-
Size
758KB
-
MD5
1cda55865e105aa8c5b07e9093741581
-
SHA1
e259fcf45723a7d6a23af3a2f8e966c7a51e6933
-
SHA256
8b831a9336cb726a32f32c055467a35735f51b643a2cbb5d4269348fd570bb51
-
SHA512
fc0af98f22107feaaab8e71041c1d3e9732e056a959f6e5e3e5ef2d6eee72992e7d42f373b3ed21111ad73a30fcb2c98d8b562f34b9b6a8d94e42b677e4de37c
-
SSDEEP
12288:HMrJy90JLRTFEEzne7LD3ZF/pHjwChGstrLt8h/R9cUywwQbU79IwDC:SysRrze7LDzpUChtBtM9ckwQbUeZ
Score10/10-
Detect Mystic stealer payload
-
Mystic
Mystic is an infostealer written in C++.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
9bcf3e48a23154e18a57f5f75e8997e1399e48275d8e3f11ae57ae34df1ede50
-
Size
556KB
-
MD5
040899caf7edf1bc3e51a4588f4e78a2
-
SHA1
b88ddd0efc7d17fba414e50563ff088771b8e3a1
-
SHA256
9bcf3e48a23154e18a57f5f75e8997e1399e48275d8e3f11ae57ae34df1ede50
-
SHA512
18a92030c4aff2efb602a10f554094274ea935e6ba10bab7f9809d01997671c7d646d151c489ebc9f8dd0ad50a8d90d2c2fb1a4e90c75c382e10b585f8ca9b44
-
SSDEEP
12288:yMrWy90llnnc4seQZ5nYKpU/zSZhp50zoPI:4ygseQ9U/zSnpezog
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
9d0a8b0afa79db37dbe567f56af169f6ab02e6ce973136343ada62eb54580f78
-
Size
1.5MB
-
MD5
64f89290a64abad100d348699d1b9f44
-
SHA1
09d199723d53d631f91050622213908aff44c179
-
SHA256
9d0a8b0afa79db37dbe567f56af169f6ab02e6ce973136343ada62eb54580f78
-
SHA512
dd7767deedf6e5510b08661597d7b761728061108c5f5ac508462013e1e7e653ef017550dbe4ded32c4bb9927e8badb17b197fb3bd7a0673c84c188d05fc263e
-
SSDEEP
24576:fyOo2HDFMX0xNO2I9P8cgLXCB3slm7URSAP7nb1PD339S7wb:qOxHKJPqc6Ico+jDnb1b339S
Score10/10-
Detect Mystic stealer payload
-
Mystic
Mystic is an infostealer written in C++.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
a4577205375947aa64ee39ff4d1938582d51a0f54aa5db974cf2942d70642f84
-
Size
1.3MB
-
MD5
7f93422a0105054fdf3104e91f1cf9dc
-
SHA1
5d1e5a9ac39269f2221e37337887268c6e243694
-
SHA256
a4577205375947aa64ee39ff4d1938582d51a0f54aa5db974cf2942d70642f84
-
SHA512
6ff253dab845e027d3fcb48f82161100573b309194fd25389e2e3b008aa9d3f24cb0d762d137ac13a540cccd6e1ed25f18a233cfe2d09d31736cdecefc0a75fa
-
SSDEEP
24576:dyaQP2HcftpxC8y2loSwFJkGI7bIYL6hZpTdmDUd/loMI:4au3VnploSwFJkGK8DpZOUd/lo
Score10/10-
Detect Mystic stealer payload
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
Mystic
Mystic is an infostealer written in C++.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
a6aa2043f478ddce45828d300d2a16520cd53a9cad9b7a83a8534bf055146784
-
Size
1.3MB
-
MD5
315229a53aaa0d9b913b6459af465c47
-
SHA1
f05e4da7b3a14c6c12dea9433c815eb7689d2ca5
-
SHA256
a6aa2043f478ddce45828d300d2a16520cd53a9cad9b7a83a8534bf055146784
-
SHA512
8c76d8b48f3889ffb3b40511e8111dbaf49e157208eb4670fcb4d778985067e01cf0382fba7540b3e9e4efe92437ffc0c93b6ac99d8c4b117f53cbb9a088fcdd
-
SSDEEP
24576:ByovW660WwC7kD3fHu3H37VNK8K6xELHizSn+O5GlBbok6N98:0R6+7g/u3LVN6/HizSnZ5EBbM
Score10/10-
Detect Mystic stealer payload
-
Mystic
Mystic is an infostealer written in C++.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
b52c912b9847cdf65a1dcf4bf8c550affc88bb7a8d9de2f77219a62d75890ea3
-
Size
644KB
-
MD5
060f37cf5b6aff670a7c992f5e114da5
-
SHA1
0170cda8cb424a2871c20395bc071a5ad9c17c76
-
SHA256
b52c912b9847cdf65a1dcf4bf8c550affc88bb7a8d9de2f77219a62d75890ea3
-
SHA512
86767cd3e35d22ed5b65212fec073c96907122e7ea21499db61b0f9ab4cf1c62b22afe3732a0eb63b3f83107c1b90e7a502eee9075ec3728ccacf4bc9e0f73c5
-
SSDEEP
12288:gMr/y90CD0wEl4tQEwEvJDIqpoM85W0KC6VBBAvNOc:PyPiGQEBN3pkR6VBBAlOc
Score10/10-
Detect Mystic stealer payload
-
Modifies Windows Defender Real-time Protection settings
-
Mystic
Mystic is an infostealer written in C++.
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
b9636f454e7a68c89164dedcf58da53a18aeb784c2db2df56f5684178058c7f7
-
Size
661KB
-
MD5
2039021a8b1902d9371bfd2f8cdda163
-
SHA1
3f70273299310a3b3087e8e922f245f31797525d
-
SHA256
b9636f454e7a68c89164dedcf58da53a18aeb784c2db2df56f5684178058c7f7
-
SHA512
8969c9357400eda5d5520483bbd8c5b461a41194a7c51a0c3bc09f4ede8082ee200cf56e1a8a7b9e4eb28be7c84e1873e7f0c6f6036bd3d66c7ff1e5e56596c1
-
SSDEEP
12288:2Mrry90puJE/T6HMfeKwfoWAac2oFJLwvK9MICg8n93J6yA:FyiAO6HMWFfnFc2CJLwS6fn56yA
Score10/10-
Detect Mystic stealer payload
-
Modifies Windows Defender Real-time Protection settings
-
Mystic
Mystic is an infostealer written in C++.
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
b9cf5844f6f5b6bc020ebfcf05d096f8176125e06f1618580463eca739c9b3d1
-
Size
1.5MB
-
MD5
021891a672841cff00bd936e7caea8cf
-
SHA1
1ac9bd9c0375e4f235992904567ea7ecc2cb9643
-
SHA256
b9cf5844f6f5b6bc020ebfcf05d096f8176125e06f1618580463eca739c9b3d1
-
SHA512
a53cbd4ccd8dddb6a3168c96b5c4375f8cc6bcd97f107387b86d81f60c4aff8521ed894189ea7e938cb10da4c7af4c14a301c31b36ffb6c80fe44e50d0c696ad
-
SSDEEP
24576:QyTDnMoGCUOrEGholR7wyUS5toE59dnu+tXHYCT9QoX7irDj6yeEdR4IjY3w4:XPMOZrKj/N3oE5Hu+tXHjGrD/
Score10/10-
Detect Mystic stealer payload
-
Mystic
Mystic is an infostealer written in C++.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
bdef450da794b4f4ae5a97848eb8c7e8075b0a2f19e500d6373ad4d4da725b8e
-
Size
648KB
-
MD5
78560e3710160b589c68ffb486269717
-
SHA1
d7947a041177ec309ddcfbdfac376d93127f33c9
-
SHA256
bdef450da794b4f4ae5a97848eb8c7e8075b0a2f19e500d6373ad4d4da725b8e
-
SHA512
bf231646ea976ceb3ef1fc5248fb54051bf7c23f80adaed24ceafe4764757c54c0cf081d7ea915c2b6bc645280d067bcd3cc81d129d8f949d5aca6449df270f3
-
SSDEEP
12288:QMrfy906D01jVaMIgw+rPQUDcrNl4I7mSor/2fxJ3bNIxbeuBK:fyhGjoMFwgPQEcrNrw4xJrNuez
Score10/10-
Detect Mystic stealer payload
-
Modifies Windows Defender Real-time Protection settings
-
Mystic
Mystic is an infostealer written in C++.
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
eae63cf77a61c6d0fdef1aa4ee5b17218c6245ddb0a23c6b72a19176b5095ade
-
Size
376KB
-
MD5
b6a8649b0e8ce28a25ca6dcc69e0fd96
-
SHA1
6e814879b9f8a6439cf70e836faf6eb30adc5f78
-
SHA256
eae63cf77a61c6d0fdef1aa4ee5b17218c6245ddb0a23c6b72a19176b5095ade
-
SHA512
0eba34cc22b5ce72a3e35204d1adfbe2141b13efaa6d50169e8611d808e42941c004f8db3dcf9674f63488eb6d1acfacbedfda78db79802f256ebc2432e2f817
-
SSDEEP
6144:KQy+bnr+zp0yN90QETK4O8andeWEZYZZT/mHr9cxSrYNbIcSjZzcwfG+XqYW+2:QMrHy90tbO1nGWT/0JcxLkAwxXop
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
-
-
Target
f1c0aed941c5429f8f293ac0efea5efc12bafcadd77be2033716f222b3f38402
-
Size
769KB
-
MD5
6ad5acba9fac115f556dd12719ff1ecc
-
SHA1
e5d3c8919857d1b053d68ee513361499abe964ca
-
SHA256
f1c0aed941c5429f8f293ac0efea5efc12bafcadd77be2033716f222b3f38402
-
SHA512
d0e325d4d94240f220c01c4f5af333d9aa9e8619f8d0519985de51a7ac447c8e6a5ec2cdb83ee476bf419b47021327412ad3d0396bf42f254e5f18fb13f3414e
-
SSDEEP
24576:jyOEMwZw45iGlA0erOKdEsDoAopUz7F98HY2QgL:2OnwZViGlLJKEMopUz7FSd
Score10/10-
Detect Mystic stealer payload
-
Mystic
Mystic is an infostealer written in C++.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
f1cfe53024b51863e86f65b542899f29902cf448eed0ef609d8fa925d11e3542
-
Size
768KB
-
MD5
0bbee052c2354d201a7d39cdca4b6f85
-
SHA1
406a96d08c63096f8f116fd05c0b09cc78f61b0a
-
SHA256
f1cfe53024b51863e86f65b542899f29902cf448eed0ef609d8fa925d11e3542
-
SHA512
bc7e8fd8020ff79ac45c9c31545cc0a7ce203f75340d609f52261bff0d5c285b39c0ba5ceba4785ce256a59437964ccd43c55d7c853d4858408255fbaa0b1e21
-
SSDEEP
12288:iMr7y90zpu5JOahqQYq60RrSHVA2vJ4pBWi3HPuEgBLy7e67zh7:RyWpczYw/2vMBWWHPuEk2e67t7
Score10/10-
Detect Mystic stealer payload
-
Mystic
Mystic is an infostealer written in C++.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
f726f9f1096ec4de08baa4d02b85caf3855704f948bf62de21cebf55aa17c9ad
-
Size
761KB
-
MD5
aacb1084e9efa1204cedcaa63bcee7b0
-
SHA1
e3f44fc51f3e7aec444fdfbb8aaf26ab64ac2564
-
SHA256
f726f9f1096ec4de08baa4d02b85caf3855704f948bf62de21cebf55aa17c9ad
-
SHA512
832e133e36ece38f5fa0c5d8efe52ef3ecccb60203c594d1f3ac34f44a11ddb59d318ca181d6381bc7811d0e28f798c856cfb8815a971d756326e0a89f55efff
-
SSDEEP
12288:8MrAy90hZQSIC7Euz5dfRIqgJCCQgsEdms5FrWHujZA1Db+1z+Yb0BPY:UyIZQS5EulXIqO5xZcmWOjZkDIzPb0g
Score10/10-
Detect Mystic stealer payload
-
Mystic
Mystic is an infostealer written in C++.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
fbaaf142d79893fa37e6660341cd9130ad99d286884dba77eee9ee008a2a1f90
-
Size
994KB
-
MD5
377ed6988bf4050b701fbc6118cc19ec
-
SHA1
6516efa34a64861d3dbc1b0b9db4f42d081c2528
-
SHA256
fbaaf142d79893fa37e6660341cd9130ad99d286884dba77eee9ee008a2a1f90
-
SHA512
771c517f4b754cc1fdac4add8ef40494d0ceef69f6b7fe667089b0e09dbc1930283c4100ae9e4f8a5f29b026d250e01b72357e55e41d0dfed6563a772cdfa4d4
-
SSDEEP
24576:1yXMmjNjnmtJOONx7MOH2onMMm/QD58kE3h:QXMsNjnS4Y7TWkMMm/Iy/3
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detect Mystic stealer payload
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
Mystic
Mystic is an infostealer written in C++.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Boot or Logon Autostart Execution
19Registry Run Keys / Startup Folder
19Create or Modify System Process
10Windows Service
10Scheduled Task/Job
2Privilege Escalation
Boot or Logon Autostart Execution
19Registry Run Keys / Startup Folder
19Create or Modify System Process
10Windows Service
10Scheduled Task/Job
2