Overview

overview

10

Static

static

3

0d301494f1...b9.exe

windows10-2004-x64

10

17123cde24...76.exe

windows10-2004-x64

10

3513e5a1be...0b.exe

windows10-2004-x64

10

3548eb3ee0...c3.exe

windows10-2004-x64

10

37bb007e1a...b5.exe

windows10-2004-x64

10

3b8019115c...d8.exe

windows10-2004-x64

10

3ba16fdd2a...8a.exe

windows10-2004-x64

10

3c47d4d72a...e8.exe

windows10-2004-x64

10

5598d9028e...fd.exe

windows7-x64

10

5598d9028e...fd.exe

windows10-2004-x64

10

5d95f47641...f4.exe

windows10-2004-x64

10

61d857a524...a5.exe

windows10-2004-x64

10

64f004d4a2...36.exe

windows10-2004-x64

10

7787b07a17...49.exe

windows10-2004-x64

10

7cc3996906...7e.exe

windows10-2004-x64

10

825d0619a8...ce.exe

windows10-2004-x64

10

9e6f3fd3f7...c2.exe

windows10-2004-x64

10

a49c96afc3...92.exe

windows10-2004-x64

10

e2945d600c...9e.exe

windows10-2004-x64

10

eb8cedd00b...3b.exe

windows10-2004-x64

10

f9bdee7f3d...5b.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    141s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-05-2024 11:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    64f004d4a260338ba4eea50516df52087bab791fd6eb50d0b4eb189e6e13bb36.exe

  • Size

    271KB

  • MD5

    4ad462c2955d05dcddb69f4ca8d8b504

  • SHA1

    fce5d821b79e9c448664c694e12661d73819e46a

  • SHA256

    64f004d4a260338ba4eea50516df52087bab791fd6eb50d0b4eb189e6e13bb36

  • SHA512

    fc96ff0c391a66600703ef957ca9d1a9e4b126b3a001e12e8c9f40ae363a5a8c473899ed8a929edb9268e23aa342284d80abeab64b3340ac3b655943331d3624

  • SSDEEP

    6144:Kwy+bnr+rp0yN90QEyd3Y9nR/kYbFXoUzciEQtRv8:UMrPy90Ido9nR5F/zcStRv8

Score
10/10
mysticredlineviradinfostealerpersistencestealer

Malware Config

Extracted

Family

redline

Botnet

virad

C2

77.91.124.82:19071

Attributes
  • auth_value

    434dd63619ca8bbf10125913fb40ca28

Signatures

  • Detect Mystic stealer payload 1 IoCs
  • Mystic

    Mystic is an infostealer written in C++.

    stealermystic
  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 2 IoCs
  • Executes dropped EXE 2 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\64f004d4a260338ba4eea50516df52087bab791fd6eb50d0b4eb189e6e13bb36.exe
    "C:\Users\Admin\AppData\Local\Temp\64f004d4a260338ba4eea50516df52087bab791fd6eb50d0b4eb189e6e13bb36.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:4292
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\m5269619.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\m5269619.exe
      2⤵
      • Executes dropped EXE
      PID:4720
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\n6761123.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\n6761123.exe
      2⤵
      • Executes dropped EXE
      PID:460
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3712 --field-trial-handle=2252,i,16504368816373493055,9578615028378602855,262144 --variations-seed-version /prefetch:8
    1⤵
      PID:2304

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\m5269619.exe
      Filesize

      140KB

      MD5

      5ec4db0dd00a578ff42c721f4af96543

      SHA1

      050d32ef5ec09bf8849edc51d9357d676c5e84e2

      SHA256

      9a6dcac78ec279de8aab5445fdab7fd80d2d96f5bf458860be17174798aedca0

      SHA512

      accb8dc3bc5bbd95d78a1857d7087e7e8001fe53395904dcc896456f01c5d78b3ec53e051ca4d595681bfecd9eb846568b39b47218d6008940e6871da028a3ff

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\n6761123.exe
      Filesize

      174KB

      MD5

      e786f7b019bb0b14ecf6ce028af0dafc

      SHA1

      a817380b0dcdcd396fb53b92f85a599254de2df5

      SHA256

      c4d3477c71d1e86b5cab3bfacc65937b102cf138d90e6d213bf1823e099e9bb0

      SHA512

      2e26c31517e0d6a13e92f55fb116db6c6e9ebb4afa48d4590a815264c99557cf30718b016e2a88590e13d8af672adf815f7886cded33073d05846c96963bcedd

      Download Submit

    • memory/460-10-0x00000000743AE000-0x00000000743AF000-memory.dmp

      Filesize

      4KB

      Download

    • memory/460-11-0x0000000000790000-0x00000000007C0000-memory.dmp

      Filesize

      192KB

      Download

    • memory/460-12-0x00000000050B0000-0x00000000050B6000-memory.dmp

      Filesize

      24KB

      Download

    • memory/460-13-0x000000000ABC0000-0x000000000B1D8000-memory.dmp

      Filesize

      6.1MB

      Download

    • memory/460-14-0x000000000A740000-0x000000000A84A000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/460-15-0x000000000A680000-0x000000000A692000-memory.dmp

      Filesize

      72KB

      Download

    • memory/460-16-0x00000000743A0000-0x0000000074B50000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/460-17-0x000000000A6E0000-0x000000000A71C000-memory.dmp

      Filesize

      240KB

      Download

    • memory/460-18-0x000000000A850000-0x000000000A89C000-memory.dmp

      Filesize

      304KB

      Download

    • memory/460-19-0x00000000743AE000-0x00000000743AF000-memory.dmp

      Filesize

      4KB

      Download

    • memory/460-20-0x00000000743A0000-0x0000000074B50000-memory.dmp

      Filesize

      7.7MB

      Download