Overview
General
- Target: r.zip
- Size: 15.6MB
- Sample: 240523-v6sfysaf8w
- MD5: eab96a3d7adec4f1fd1e48d28f9e9636
- SHA1: f785f0b3872ec4fca8772c13c8dc5d1dd9ad759d
- SHA256: a44d7397ca2486a37cfbc6cd473037b204a5fe4678303dd2f187c814c85f25db
- SHA512: 95156b3f44925b6e35cfc4d07d8aabbbe20813bf378bedc0939486ff71f5e3e31cfc8e314ba34bf4425356827b89a0903d8f2ff3392f9dd55241cc6f2d7ccf19
- SSDEEP: 393216:FkY/eXAVn4TjlQOEnePNw9BsaO6AHtXtxp7K:FtWXAVUyMPO9+aL4tRK
Tasks
- Static task static1
- Behavioral task behavioral1: sample 2ae72cafa8f21759370b4609f21d845fbedad29052bfdacb21408b021b7ef6de.exe, resource win10v2004-20240426-en
- Behavioral task behavioral2: sample 2d225565e090ae7f3ebf2de337fac7a1658473382e87c3cef7cac8a13b7f5ebe.exe, resource win10v2004-20240426-en
- Behavioral task behavioral3: sample 5f94dabf691f3432b26ad16c1f7ecb24292db785b9562faeb1131ea9306e6a6d.exe, resource win10v2004-20240508-en
- Behavioral task behavioral4: sample 65296f468099ebcd60c98ae5a6f7f005a227427a05eda0790e32e2f0c0061d95.exe, resource win7-20240221-en
- Behavioral task behavioral5: sample 65296f468099ebcd60c98ae5a6f7f005a227427a05eda0790e32e2f0c0061d95.exe, resource win10v2004-20240226-en
- Behavioral task behavioral6: sample 7618ddb9e4a4f8eb9facccaca5f824467c35a2b211a133dc5f4f30148b77b907.exe, resource win10v2004-20240426-en
- Behavioral task behavioral7: sample 8865ec3f949ea2778d72427ba8f147c8a4182420bdfdbe11b0a8b53c48b0a95a.exe, resource win10v2004-20240508-en
- Behavioral task behavioral8: sample 8d796a364d2a62b12d9a28d63b8503f41de8f9257083f87c02feecdb89c729e4.exe, resource win10v2004-20240426-en
- Behavioral task behavioral9: sample aabdc92d3092215c39aff5ff3cdd7b86a2827e8ddaa5a11c8ac53332bfd6fa96.exe, resource win10v2004-20240508-en
- Behavioral task behavioral10: sample bae99364dcd24884412ebf95baa476884b86666b0891ad8f7c642d1e72901855.exe, resource win10v2004-20240426-en
- Behavioral task behavioral11: sample cc35c0b2bc4afaa3e56d0b585ddf1928790ef237331a245ad0eb919b4e8c2524.exe, resource win10v2004-20240426-en
- Behavioral task behavioral12: sample d63c4114c36e73dd975c0cc4a3dc67316e090266f64cd492ec17a7dabcdbe686.exe, resource win10v2004-20240426-en
- Behavioral task behavioral13: sample d65bb810ccd243a6f5edda6c97b9e2e03e46b6306aca9415c3ae84a27a61a7a7.exe, resource win10v2004-20240508-en
- Behavioral task behavioral14: sample d76483096202fb3172705ac386f325854d2d6409275d9bbde9e10e329832b2c8.exe, resource win10v2004-20240426-en
- Behavioral task behavioral15: sample d9124df1a48c55317dd58c4ab328c969efa7a2d673ba2134c19648e01de841d1.exe, resource win10v2004-20240508-en
- Behavioral task behavioral16: sample e1564be8f124041c0c125d9557c302f4631504d0048e1c1f41b6abfb473ebbad.exe, resource win10v2004-20240508-en
- Behavioral task behavioral17: sample e7ee230707772fd1bd9dd07f526c692dfe119bca41b2113cadfcd511a5416cd5.exe, resource win10v2004-20240508-en
- Behavioral task behavioral18: sample e8a7f5f2b344eb468a91c59dbe8699a08d71f9b708a1134c8948cf194516594b.exe, resource win10v2004-20240226-en
- Behavioral task behavioral19: sample e8bf7b5c22a787af15a42638894b8f1eccc3320134f42f09939f4932df0cc796.exe, resource win10v2004-20240508-en
- Behavioral task behavioral20: sample eb214d5f5806ec4617c2b7cde5e3a5beb5a3c254a391dee7605decfe13174bc6.exe, resource win10v2004-20240426-en
- Behavioral task behavioral21: sample edacb614f4d4ad4a3dd9e9d5ad37ba56d1e7d49ddad0b14ca3ce632b0a820f95.exe, resource win10v2004-20240508-en
Malware Config
Extracted: redline / nowa / 77.91.124.49:19073
- auth_value: 6bc6b0617aa32bcd971aef4a2cf49647
Extracted: redline / trush / 77.91.124.82:19071
- auth_value: c13814867cde8193679cd0cad2d774be
Extracted: amadey / 3.89 / fb0fb8 / http://77.91.68.52
- install_dir: fefffe8cea
- install_file: explonde.exe
- strings_key: 916aae73606d7a9e02a1d3b47c199688
- url_paths: /mac/index.php
Extracted: amadey / 3.89 / daf753 / http://77.91.68.78
- install_dir: cb378487cf
- install_file: legota.exe
- strings_key: f3785cbeef2013b6724eed349fd316ba
- url_paths: /help/index.php
Extracted: redline / lutyr / 77.91.124.55:19071
Extracted: redline / kukish / 77.91.124.55:19071
Extracted: redline / virad / 77.91.124.82:19071
- auth_value: 434dd63619ca8bbf10125913fb40ca28
Extracted: amadey / 3.86 / 88c8bb / http://77.91.68.61
- install_dir: 925e7e99c5
- install_file: pdates.exe
- strings_key: ada76b8b0e1f6892ee93c20ab8946117
- url_paths: /rock/index.php
Extracted: redline / maxik / 77.91.124.156:19071
- auth_value: a7714e1bc167c67e3fc8f9e368352269
Extracted: redline / kendo / 77.91.124.82:19071
- auth_value: 5a22a881561d49941415902859b51f14
Extracted: redline / gigant / 77.91.124.55:19071
Extracted: redline / ramon / 77.91.124.82:19071
- auth_value: 3197576965d9513f115338c233015b40
Extracted: redline / moner / 77.91.124.82:19071
- auth_value: a94cd9e01643e1945b296c28a2f28707
Extracted: redline / 5728088920 / https://pastebin.com/raw/NgsUAPya
Targets
Target: 2ae72cafa8f21759370b4609f21d845fbedad29052bfdacb21408b021b7ef6de
- Size: 312KB
- MD5: 41798ee0cf926c8d9b6e2b8a5cf52b66
- SHA1: c778cf3a3cb8d8736065dab99230129589712f5e
- SHA256: 2ae72cafa8f21759370b4609f21d845fbedad29052bfdacb21408b021b7ef6de
- SHA512: 80c77a4da07fd7be8cf489d88556a537443b761b57acbe65a2bbcd6f56795213c0bf7de21543a01678f322604e5753ece01f57b00da98cb85630ad734a7e778a
- SSDEEP: 6144:KTy+bnr+Pp0yN90QE97yJXm/9giavC1OlG3KoBsdFeOjjpcVhPbE:1MrHy903W69g9x83KwsmOjjpcVhPA
Score: 10/10
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
Target: 2d225565e090ae7f3ebf2de337fac7a1658473382e87c3cef7cac8a13b7f5ebe
- Size: 731KB
- MD5: 77d27efd5c42bfed4fbc15af6461b04f
- SHA1: 1d8e3d0bb2e1560257ddfca9cbf1d92de7722c2c
- SHA256: 2d225565e090ae7f3ebf2de337fac7a1658473382e87c3cef7cac8a13b7f5ebe
- SHA512: 68a474f4021be855e74d8bf6c8e45b3d64480964a7ae2f3a559fd859988ccfd6f322cb94e7a0f9a4f8e49faa0bbc8a9c79fb774562b585e5cf010127f3fc42d9
- SSDEEP: 12288:VMrRy909oJomjcs/4c7SDjZCjqEP9ylQSbY5dJJ9Hd+FwPCHMnY:8yhbcsgc744q+QlMdJJ9db2
- Detects Healer an antivirus disabler dropper
- RedLine
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
Target: 5f94dabf691f3432b26ad16c1f7ecb24292db785b9562faeb1131ea9306e6a6d
- Size: 1.2MB
- MD5: afec0a32010542d6eef2c43f978d401b
- SHA1: a0024019ef66f21995cbc6957c32fcfde507a951
- SHA256: 5f94dabf691f3432b26ad16c1f7ecb24292db785b9562faeb1131ea9306e6a6d
- SHA512: e005ddcb3b276dcf635ae96423f6d78b86bfe06febba57f3cb9fba0fc31f11002e9c20a1ae02e5c2bf6129cd08fa95f02c7c3db8608888b57aff802f57256d63
- SSDEEP: 24576:PyerYcveCuhO4DWmHJKjEZmmU4r+De38aPD/dLvJJXOMdJ:a4JvzeWmHJKA08rfsqFvJvd
Score: 10/10
- Detect Mystic stealer payload
- RedLine
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
Target: 65296f468099ebcd60c98ae5a6f7f005a227427a05eda0790e32e2f0c0061d95
- Size: 332KB
- MD5: 7309fca9a6af6decce73c4243a826af5
- SHA1: 4567ebd86d7c877db55588520569c8b23ddc9ac0
- SHA256: 65296f468099ebcd60c98ae5a6f7f005a227427a05eda0790e32e2f0c0061d95
- SHA512: 312d47fc63601fde26ccc563c3a3999528f9ef19d75a63b91be38d45e4ad77302fd31593bdccd25aa8bdc6e915e6de820c1b1914c0d0be249ffcfa160e73272f
- SSDEEP: 6144:K+v1KlJPEF7c4i/93KJ7JN7Zi8A0GbkthVuP90EjKjrOjL7:oPEF7g4JO8AVk7VuFZWrOj
Score: 10/10
- RedLine
- RedLine payload
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
Target: 7618ddb9e4a4f8eb9facccaca5f824467c35a2b211a133dc5f4f30148b77b907
- Size: 272KB
- MD5: 37f45e7cc0fd688aa2cb32a549382d90
- SHA1: c614ff464123a61ebe7c78f22dae2109b30be772
- SHA256: 7618ddb9e4a4f8eb9facccaca5f824467c35a2b211a133dc5f4f30148b77b907
- SHA512: 9c63e2f401ce2bded0f7f21d4cad2959cec78863ea007b9b92112633659938fc8f404a2fa07c88d7fd6e76645d0acb627914f34b1a36fc93e652cff67dc9b925
- SSDEEP: 6144:KMy+bnr+ip0yN90QEEdTwoe7P0PF+BR4OjfARI/S:0MrWy902w9L0iR4usUS
Score: 10/10
- Detect Mystic stealer payload
- RedLine
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
Target: 8865ec3f949ea2778d72427ba8f147c8a4182420bdfdbe11b0a8b53c48b0a95a
- Size: 472KB
- MD5: d6c77aee19125bf471f8b1eb16909cb7
- SHA1: 0abf3936ab48bba8059d076900ef8c23f9015429
- SHA256: 8865ec3f949ea2778d72427ba8f147c8a4182420bdfdbe11b0a8b53c48b0a95a
- SHA512: 88c00e5c2ea2c6157eb31d1b6cd38576760d17538554b948cdb7b24386dea01d6fd2c8e76a508e69e9b6cb76d0cbae8810837d2af5d69b753d03906b9be399db
- SSDEEP: 12288:sMrcy901CrIPDjItm3uqFGxQx/p03gPZrteZ:4y3rIPDjuXqFGxQx/p1PfeZ
- Detects Healer an antivirus disabler dropper
- RedLine
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
Target: 8d796a364d2a62b12d9a28d63b8503f41de8f9257083f87c02feecdb89c729e4
- Size: 1.2MB
- MD5: df37a77942e209ffd551ccbd8a891298
- SHA1: fdfdc4f2d1a99d36ec9094966b13b9d7f363e64b
- SHA256: 8d796a364d2a62b12d9a28d63b8503f41de8f9257083f87c02feecdb89c729e4
- SHA512: 2d38aacd910db9858c6c5209cdfd373257a9ad9bec99bb442cb9e6107b5c05f1407d19d7f6ec0938c495e69e199dd918aff1eb72f59abc5d2c2a58737c749ce6
- SSDEEP: 24576:VyNl1Y8BGfhfMJ4tpDzfS7+JmYXd4EgielWg:wNlW8GZfxjfKBwJD
Score: 10/10
- Detect Mystic stealer payload
- RedLine
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
Target: aabdc92d3092215c39aff5ff3cdd7b86a2827e8ddaa5a11c8ac53332bfd6fa96
- Size: 884KB
- MD5: b76e5bb2b2bcb1c45f4732bae27648ce
- SHA1: 582205cbe1ef05c525c49d762bf9d0138d2fabd9
- SHA256: aabdc92d3092215c39aff5ff3cdd7b86a2827e8ddaa5a11c8ac53332bfd6fa96
- SHA512: b5df9d18ba2fd30ba47211d12d0dce5b79663415b4f67aca0faa27314ecadf9d573bb32d16f767408efe4c906890b8d240abdd415826ff5ec95d519708d01284
- SSDEEP: 12288:1Mrpy90gle5LilXuWCqZmTn3/Q+O0MiAbc9ntk45+9Egioas4zo/:UypldtpUTn3/Q+HZtN5+992k/
Score: 10/10
- Detect Mystic stealer payload
- RedLine
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
Target: bae99364dcd24884412ebf95baa476884b86666b0891ad8f7c642d1e72901855
- Size: 1.3MB
- MD5: 7529bdfa5dbc18c1f73f6606e98b4e9b
- SHA1: a1523edacc0dc68672d5b912f6f8b41b2001efd1
- SHA256: bae99364dcd24884412ebf95baa476884b86666b0891ad8f7c642d1e72901855
- SHA512: 3efa3ad436d23115d1affb20d5d73700bae8279dc173bfa33fbf59a18486592d8eac38308409ea061f4715c273511ebb1975297f32d7e889a2582adcda11557b
- SSDEEP: 24576:aysk1sNnbCUxNG+VA/YgX/4vmG5BvPTDS63rPUEQ/WLcJP:hsk1sNbPxNHy/YC5UvPHBrJQ/M
- Detect Mystic stealer payload
- Detects Healer an antivirus disabler dropper
- RedLine
- RedLine payload
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
Target: cc35c0b2bc4afaa3e56d0b585ddf1928790ef237331a245ad0eb919b4e8c2524
- Size: 1.2MB
- MD5: 3393509c6d5b05efe89878eb3fb3013c
- SHA1: 1175b7a8c3a888e248fbf4d411e6e4f0c6542c1b
- SHA256: cc35c0b2bc4afaa3e56d0b585ddf1928790ef237331a245ad0eb919b4e8c2524
- SHA512: 55ae1e3a88cd346e7152acd04d8ffdaaac70ed786e72b2851a8e7850d230f16fb976925a0e32ff886fe3b57b8c9032c1aea92fe2e869e92326b5fd67d7e0f445
- SSDEEP: 24576:RynSsXBtQ8o6btYGpIUdyvEf8ItfpQ5SmbimdzOG:ESsXBtRo65pI2g+8ItERdS
Score: 10/10
- Detect Mystic stealer payload
- RedLine
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
Target: d63c4114c36e73dd975c0cc4a3dc67316e090266f64cd492ec17a7dabcdbe686
- Size: 396KB
- MD5: e7d5f8175739a99197745f7d356e9f03
- SHA1: 85e5e78ec7d4751ed9e445e6792d3d2535d98f73
- SHA256: d63c4114c36e73dd975c0cc4a3dc67316e090266f64cd492ec17a7dabcdbe686
- SHA512: c26a167ebbcbc8f512bda727eaf50c4053125749e756009f61295d654249241713e024d3f6fa3fa9d7fdc9fb0b1df1212a765ab528b64a05cd77648b6c5c6c25
- SSDEEP: 6144:KGy+bnr+Fp0yN90QEukMJOlJbl/txy9ebMWv/i0OWRTlsgf3VwWxg/tA0FRVz1hL:GMrNy90s9JOn5qO7DxRGEFr6ZhEjfbO
Score: 10/10
- Detect Mystic stealer payload
- RedLine
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
Target: d65bb810ccd243a6f5edda6c97b9e2e03e46b6306aca9415c3ae84a27a61a7a7
- Size: 1.3MB
- MD5: 0c51767548ed6965b9d3ccb2ba84cde1
- SHA1: 000014edd0e804ddb4bd99aebb086efc76ac5a03
- SHA256: d65bb810ccd243a6f5edda6c97b9e2e03e46b6306aca9415c3ae84a27a61a7a7
- SHA512: 6d1695dd7859f54b6126544650421367b741330212068673402d9f971587ac27a9e9c721934decea3e4f7ebf9f8c6d43b123a2e12c6f7727b40f3d1575c76ba0
- SSDEEP: 24576:uyiIDMKCYrzNfqjQXkOikMzAm4vtksKlet5XJzNtaIIcc52ig45Kx1I+B:9iIDMKFrJfqcXkOTMsmInUeXJ2IVigg9
Score: 10/10
- Detect Mystic stealer payload
- RedLine
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
Target: d76483096202fb3172705ac386f325854d2d6409275d9bbde9e10e329832b2c8
- Size: 769KB
- MD5: 4f98b84064e02998c0704c24e4cdf335
- SHA1: eb839525ab5e8a2b57ca801780b7c4cf82022bd2
- SHA256: d76483096202fb3172705ac386f325854d2d6409275d9bbde9e10e329832b2c8
- SHA512: 49d8501731a4409071d3d691b7d4fadbb636fa51e1ef4bf3e61d02190f75651eb8cd5a930b716d1cffd8bb883cee60e29d5c6409fca305644d679172878f6d2d
- SSDEEP: 24576:/yO0MJVj1CUPrHUtQSXXSxbWg0MUyK+o90z:KHM31xr0tQSyZWQUH
- Detects Healer an antivirus disabler dropper
- RedLine
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
Target: d9124df1a48c55317dd58c4ab328c969efa7a2d673ba2134c19648e01de841d1
- Size: 390KB
- MD5: 3af121030f860f8cdb00df0f76d33eee
- SHA1: d08b4343f323e65e7276951b6234b00b63b61fc1
- SHA256: d9124df1a48c55317dd58c4ab328c969efa7a2d673ba2134c19648e01de841d1
- SHA512: cd358c9c9fe57e9849d6180c324b05ee2a8d62feae2cfac7a80afb3661ae1a7d5d880095cdd35b50a6567d613506ffc78eb5455ae6d95f009cfa1637a118e1b9
- SSDEEP: 6144:Kdy+bnr+Sp0yN90QEmyvzJ8b9UCTqnV1lS+yyMmmLrMZjWAuGGDPR8I:rMrey90B8b2xVTS+FzWVfRh
- Detects Healer an antivirus disabler dropper
- RedLine
- RedLine payload
- Checks computer location settings
- Executes dropped EXE
- Adds Run key to start application
Target: e1564be8f124041c0c125d9557c302f4631504d0048e1c1f41b6abfb473ebbad
- Size: 928KB
- MD5: 5f7d972246ac7b99d22559f422100798
- SHA1: 2286717f0343e7d12dfba0f80f313678795fe5c3
- SHA256: e1564be8f124041c0c125d9557c302f4631504d0048e1c1f41b6abfb473ebbad
- SHA512: 6f17fa1e7cea506c16e897600ce4f5e91df27a2682525e7ed49261a9bf0f1d283c1fbb0b8a095e57ca033bbc478591e863280baaa01f25791562fbd619d4363c
- SSDEEP: 24576:vykpjd/S0hNVQ/3erayK6tvfsnpBzX1rGhdC9sc9j1L:66R/RNVW3eBlknptRGhdWf9j1
Score: 10/10
- Detect Mystic stealer payload
- RedLine
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
Target: e7ee230707772fd1bd9dd07f526c692dfe119bca41b2113cadfcd511a5416cd5
- Size: 1.2MB
- MD5: dbf8c4938f5d91edbe1397152cd798e4
- SHA1: 1504a1c541e719d2ee3632f75eda67df89dd2d6c
- SHA256: e7ee230707772fd1bd9dd07f526c692dfe119bca41b2113cadfcd511a5416cd5
- SHA512: 7517f63dfa3127e89db5a4bf65013112f3c25990349beae782ecc77b5d7a091c71866ad1e70832e50aead3259d7632b064d55b299fa0938de1e230ddb80a0c2d
- SSDEEP: 24576:cyWfF+5tfwol4Y6uxAZNJTn8TH0SGujiVknqqIefUrobxH4g:Lu+51wit6uWNJM8ujrvffBxH4
Score: 10/10
- Detect Mystic stealer payload
- RedLine
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
Target: e8a7f5f2b344eb468a91c59dbe8699a08d71f9b708a1134c8948cf194516594b
- Size: 598KB
- MD5: f9305f8c01feede28b3af484efc7e885
- SHA1: c7c26d98b578f15ec3456bd76e5ba11ce8c9b5fc
- SHA256: e8a7f5f2b344eb468a91c59dbe8699a08d71f9b708a1134c8948cf194516594b
- SHA512: e6344b60223e82bcd52ae1635281e4494ff9fd1a7f95da0fd6bcc93463d7cd5c8bb9dfcabfde585906e26e401b1a76be00d799f5e21ce5281b988b5f6922cf35
- SSDEEP: 12288:oMruy905un5B6oTfvVlCHP43ZdnjvNlPSKgZdv85uhzfjA:2ybB6oTfNlfpBjvNYjUuhg
Score: 10/10
- Detect Mystic stealer payload
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
Target: e8bf7b5c22a787af15a42638894b8f1eccc3320134f42f09939f4932df0cc796
- Size: 1.2MB
- MD5: ed974ae3de86c69a6f5c807463948ccb
- SHA1: 769f8bd5816eed350070769627d06525f76f12f8
- SHA256: e8bf7b5c22a787af15a42638894b8f1eccc3320134f42f09939f4932df0cc796
- SHA512: 36e359c4e8003aa0cb67c86c9726672746d9f8183e8dc02a8d66f6c3368a9d395c04e381c5d1c2c51bdc6f7264dfb29e6736513c1538717218e2c4eef37a5708
- SSDEEP: 24576:fyeUyRGbDVQC1PTwuV1ceIL7iVJp81sv7xl5of92:qouCCtTwuV1e7ibplCf
Score: 10/10
- Detect Mystic stealer payload
- RedLine
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
Target: eb214d5f5806ec4617c2b7cde5e3a5beb5a3c254a391dee7605decfe13174bc6
- Size: 272KB
- MD5: b85a6355f3e5fd26b8f3113ddbcab738
- SHA1: 8684ff2b793ce7a85240e2046af07140ccb1c490
- SHA256: eb214d5f5806ec4617c2b7cde5e3a5beb5a3c254a391dee7605decfe13174bc6
- SHA512: bfe328c86534b147900f19b04744a039d90799a2cdeaf2b40ce0ba77ab471030b49d0829bff1fb3735032a6945834a901efd56530a98fa5e0b7e0f4c28a094a3
- SSDEEP: 6144:KMy+bnr+ep0yN90QEzd3Y9nn/kYbc6DekZzxR3+tjF:4MrGy90tdo9nnrDekTR2F
Score: 10/10
- Detect Mystic stealer payload
- RedLine
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
Target: edacb614f4d4ad4a3dd9e9d5ad37ba56d1e7d49ddad0b14ca3ce632b0a820f95
- Size: 1.7MB
- MD5: 88f98b925e9d4ae94d234ad54e3504dd
- SHA1: bff0cc91d6c961a3894f16f2577da501c3cea8db
- SHA256: edacb614f4d4ad4a3dd9e9d5ad37ba56d1e7d49ddad0b14ca3ce632b0a820f95
- SHA512: 4f87a4643cdd29b02a9521a0e40f8e856cba671bdec0bf73ba990cb462eff82b59ffa7e6256c126b4862851783edf2b346e0f77c2c163f26847a59944e4f0889
- SSDEEP: 24576:PyOK+y3nec7jkb3FHoXlXfyvUSBD3QiCt1M9udFzT5Fbdz/n6cniPecd4gGMOG:ar+y3neoje1IBCjq3M0Pp/n6ctc4
Score: 10/10
- Detect Mystic stealer payload
- RedLine
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1): Windows Service (1)
- Scheduled Task/Job (1)