healer

Sharing

General

Target

r.zip
Size

11.9MB
Sample

240523-vjydpaaa49
MD5

91e1672af1ddcdfbed7c993eaf0fa764
SHA1

9419e82364259b910659a50df6634c91fe522360
SHA256

1aa612c673e0e8506776c3b8740894f0947bb33bd7b5f22dc14212289801a024
SHA512

4fb51fac7ad2a7ff807297eefa971494a433edd21d89e7f1cd2fec1154a4dff878e2213db24d3d22ae645e850f6c2b1f6cb9aedac40fc6aa4ac8211f4d9e22fd
SSDEEP

196608:i/aCEyPnwF0tZQSDK+/7I2xOtEdO6LdynlEeKtI3nLKSXmJ1aNm6:iAhkhQ2UtENsaeK6bCaN/

Score

10^/10

Malware Config

Extracted

Family

redline

Botnet

virad

77.91.124.82:19071

Attributes

auth_value
434dd63619ca8bbf10125913fb40ca28

Extracted

Family

redline

Botnet

jokes

77.91.124.82:19071

Attributes

auth_value
fb7b36b70ae30fb2b72f789037350cdb

Extracted

Family

redline

Botnet

lutyr

77.91.124.55:19071

Extracted

Family

redline

Botnet

vasha

77.91.124.82:19071

Attributes

auth_value
42fc61786274daca54d589b85a2c1954

Extracted

Family

redline

Botnet

buben

77.91.124.82:19071

Attributes

auth_value
c62fa04aa45f5b78f62d2c21fcbefdec

Extracted

Family

redline

Botnet

frant

77.91.124.55:19071

Extracted

Family

redline

Botnet

gigant

77.91.124.55:19071

Targets

- Target
  
  01567b40cb3e924a51cbabc35a519f509543064c72cf4079446d7ffeeac19c54
- Size
  
  662KB
- MD5
  
  13100505f9688c1c91f93a58863d205c
- SHA1
  
  0548ed9abfeee7127fa3d0c4968ccdd72c618b17
- SHA256
  
  01567b40cb3e924a51cbabc35a519f509543064c72cf4079446d7ffeeac19c54
- SHA512
  
  3bb4e21e179cccc6edb49230ad41679dc307d0c42f294bb6f229da731457c4b7dc908175677e3c41b76e1d51a47f6ed8d0cdf62ba35eb005b6778df038fea7ed
- SSDEEP
  
  12288:MMrWy907H3UGXCjqvR7gRizYrqlY/4cDarMZcKWKdFjZE1OA:ayEHE4CjqvpMpyMFWKdM0A
Score

10^/10

mystic redline virad infostealer persistence stealer
- Detect Mystic stealer payload
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1
- Target
  
  1e3157fc3db10cb11bb1542831b9f07071a4baad8bb0d42282a3bd9141423798
- Size
  
  991KB
- MD5
  
  be582c12844f5f5dddd1d613957799da
- SHA1
  
  74dade2c7e5ac082f6942497e78608a33610af0a
- SHA256
  
  1e3157fc3db10cb11bb1542831b9f07071a4baad8bb0d42282a3bd9141423798
- SHA512
  
  233eba01255605cf18bf64cfea8b100758f615b6506f80de2aff7c4047ec2e5fd3487eae04cfbe00f796d8cf2c8b7c8c98b2187a54b2bf756c6103bd8eedffd0
- SSDEEP
  
  24576:pyuRmIEimkREuj6PmXXXmemqY++LKGoq+h:cu9h0uj6WHmegYGoq+
Score

10^/10

mystic redline smokeloader frant backdoor evasion infostealer persistence stealer trojan
- Detect Mystic stealer payload
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral2
- Target
  
  1f3e03ca7bfcee157393fb94a3450e5a79979b8f5c0b85427ab51908bb78810b
- Size
  
  1.2MB
- MD5
  
  b81cd3142a789eca2228e02e2a31229c
- SHA1
  
  6673628188e3aaa5cc5e3a0fd20cd472a85f237f
- SHA256
  
  1f3e03ca7bfcee157393fb94a3450e5a79979b8f5c0b85427ab51908bb78810b
- SHA512
  
  1b8855f6be99ade9f5d34a9bc69ba574a77957f397cd5015958eea3508e485934c1092aefebdf012b5671570c7fff8b0056b3325b56d0392abc55581599bb19c
- SSDEEP
  
  24576:tyg79ARUhCAlCegO5Q+wvF36AFIVjtftkIKVHXKT+w:Ik9ARmwOqjF36N/Nri
Score

10^/10

mystic redline gigant infostealer persistence stealer
- Detect Mystic stealer payload
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral3
- Target
  
  2754139a8485fbf1b2e0b164393e54175366ed15e96929b58676edf2271759f3
- Size
  
  488KB
- MD5
  
  b4456f54d46a916c787fee11c2735e5e
- SHA1
  
  3386c3cc568dd8a18630c83d0290a291ba4d4768
- SHA256
  
  2754139a8485fbf1b2e0b164393e54175366ed15e96929b58676edf2271759f3
- SHA512
  
  d89d7cc89c1cdc5c3c57cc88ed1703debdd71c8dbfe54f88969e7c9d779e4b63b69dbf920da74d6ea25026a26eacd5366898a14a9a68f0b82aaf68cd89450d89
- SSDEEP
  
  12288:6MrMy90Ra4LuBX9x408STlV23wI0wosCZa:Sy1hX9eSL2AI0hsCZa
Score

10^/10

healer redline virad dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral4
- Target
  
  27bb9fb2c486b6d1b245b9d1a80523ce3a661b3d9eb71a8772747a0cc4a12223
- Size
  
  662KB
- MD5
  
  550d6c9a76a063cdea263f9e44040e91
- SHA1
  
  54d122af56e4d6fb09862bf03336e41dc57600be
- SHA256
  
  27bb9fb2c486b6d1b245b9d1a80523ce3a661b3d9eb71a8772747a0cc4a12223
- SHA512
  
  3cb8554906ee1cfd43b426d557594665fd661c8299719c077e12a18747b86f5a74b867751d7e1c9ece13cf9b2f548b0ef4e25018f56144db24b3236c06acc19d
- SSDEEP
  
  12288:3MrUy909SFjJjwVZca4uMJNe4++YO5704Y69JRwfvSAvbno:LyeSFWV6a4rDXW6dwiAvs
Score

10^/10

mystic redline virad infostealer persistence stealer
- Detect Mystic stealer payload
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral5
- Target
  
  3303790f7ca29df0e39764e876baec5513b2ca1cc3ffeed56f9fc006a9eaec90
- Size
  
  493KB
- MD5
  
  eae83c8fc8b81895b7ac50e11704d42f
- SHA1
  
  89739814fbd5a39670511e0e77c7d84087a470e7
- SHA256
  
  3303790f7ca29df0e39764e876baec5513b2ca1cc3ffeed56f9fc006a9eaec90
- SHA512
  
  b2b7f4247624a031f4d41ab4b30081c312c56b8fd06d5d8a43fb5a2f62951ef12032e46ff379111e65831d61965be372d93e6528dfbde35b05ed718ed2857115
- SSDEEP
  
  12288:mMryy90YqoqNqfSJX4/KlfAgmlP8/ADHSB87:oy6oKZo/KlE84TSi7
Score

10^/10

healer redline virad dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral6
- Target
  
  3a221e425a7f8509a077d01514feaf49038631122b838d94a6d08c5d6d8812c4
- Size
  
  884KB
- MD5
  
  ab4c5993b5744021c0489c4e5d3accd4
- SHA1
  
  13038a7ad4c10c2e02ed0e82983bb2dd28f22a91
- SHA256
  
  3a221e425a7f8509a077d01514feaf49038631122b838d94a6d08c5d6d8812c4
- SHA512
  
  5f5fd4a8eae176832623523338118e3b35cd7e8c39ebc08b45759c490c3caed0cd1d27560901ddbef8e83d4bac4bfdd90ae5ce3749ee3d02198a9587ddb50ba6
- SSDEEP
  
  12288:QMr7y90Fsivbbfy07EL0Btjpi/R+nOliMW9iWinBP3g/eNMYUcUIFyVWwk/fD:7yeHDb6Q9i/R+h79/0Bvlmaj
Score

10^/10

mystic redline gigant infostealer persistence stealer
- Detect Mystic stealer payload
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral7
- Target
  
  3d524b1122044bd6d028d191fe5fdb789d1a25e2c110fa4da0fc49ae0f970cac
- Size
  
  313KB
- MD5
  
  e89494e3d4ef96cd08fcbe2993ca8af8
- SHA1
  
  31605254987bc7afbba573536c1792129c29d33e
- SHA256
  
  3d524b1122044bd6d028d191fe5fdb789d1a25e2c110fa4da0fc49ae0f970cac
- SHA512
  
  68d689b9343292fe90a4a8481cbc5b667b38d2a8866dd5fd0bcd8ba229839a29cfd88a491eae8a1f7a4139d08ed661310c4759f929faa7cb703eb40a0cc9ecfa
- SSDEEP
  
  6144:KEy+bnr+Zp0yN90QE+H5qdPcf3zdighcv6YSt9IfM5+P:EMrFy90y58GtS0rYP
Score

10^/10

healer redline virad dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral8
- Target
  
  5d2993b3c14eb3f833d52e4874f37ee17b3eeb5d75594bb31700eeb723ec95f9
- Size
  
  452KB
- MD5
  
  39526e106dbda09d8e555a0ff20f30d0
- SHA1
  
  a91b8cf366ff6fb255556160147aca84a2531ec8
- SHA256
  
  5d2993b3c14eb3f833d52e4874f37ee17b3eeb5d75594bb31700eeb723ec95f9
- SHA512
  
  ecabf935ad68fa4ff5a0791092d34f356850dec9c893f3f22c0c443353cec50aecf12a9957f4951d3f32c5362541a4a1dd87c90c6d81573cd9ab6baf84d9aca1
- SSDEEP
  
  12288:fMrsy906un5B6oTqaKjD7Lh1SsmrdMZ71c2w7F:LySB6oTsPSs2Uo7F
Score

10^/10

mystic evasion persistence stealer trojan
- Detect Mystic stealer payload
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral9
- Target
  
  6fd17debf93c6b9c9099ea8145bbb5ed0620fd59fc7ef7a3fe60decb9a2f2260
- Size
  
  271KB
- MD5
  
  ff2aeb042bcd4a78ad38c3a8b8b52663
- SHA1
  
  9d792ac5d0197e75d2d3a447fe09c6ef9b6844d9
- SHA256
  
  6fd17debf93c6b9c9099ea8145bbb5ed0620fd59fc7ef7a3fe60decb9a2f2260
- SHA512
  
  49b5794c2919c707b0aaff299db25b1ec67fcda710283605dda2987289002b6197bfabb8be218349050d361a39f504a8a6123bbb186e7abbe5dc95bb2826773b
- SSDEEP
  
  6144:KSy+bnr+jp0yN90QEgd3Y9nG/kYihMT3xKr:yMrby90Gdo9nGqMzIr
Score

10^/10

mystic redline virad infostealer persistence stealer
- Detect Mystic stealer payload
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral10
- Target
  
  75392ef3c6b89b32827d4060efcb3c6f7495a869fddbe8fa01cc45a2e79a06af
- Size
  
  266KB
- MD5
  
  83daa5d688932115aab97aede1f2bb9e
- SHA1
  
  acff1c0b6b0c27bb9719251f3cdba86d2ba57d07
- SHA256
  
  75392ef3c6b89b32827d4060efcb3c6f7495a869fddbe8fa01cc45a2e79a06af
- SHA512
  
  be24d19634c86c8d77ebc058247d038f5a4e4838ce5d958ad625976955163a32d24223cc4ae1f91aa27749b85db3bdfc12722e09dfcdba98d917737b5aae2b63
- SSDEEP
  
  6144:K2y+bnr+Xp0yN90QEIvJHOu20NhVm1YtONyS43i:KMrry906vJuuvNPm+t8ySN
Score

10^/10

healer redline jokes dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral11
- Target
  
  79920d9e9cb9d0d34dea9a437201a5436392c8af727314332ebf8e3e0f45a588
- Size
  
  649KB
- MD5
  
  2917f39014ba3a0e8e686ef68abf591b
- SHA1
  
  fa2cce397304267efc3adf4fad5de282666f0382
- SHA256
  
  79920d9e9cb9d0d34dea9a437201a5436392c8af727314332ebf8e3e0f45a588
- SHA512
  
  02c83b5db0933a1041bb09417bfbfac7184bdf7ab9431a131758d7f10c6592ab7422f2761c0a6c60279786bb13c5c4aded52f0767cf40e6efb14b20abbad229b
- SSDEEP
  
  12288:yMrny90yN98tmrgjStMHu3JdoVNR0y5LQpZ77BL3UOfajJw5T8/:dyp8GcaMO3JmVDU77l3laq5w/
Score

10^/10

mystic redline virad infostealer persistence stealer
- Detect Mystic stealer payload
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral12
- Target
  
  a7a12f0dc9dc407d29a66722468c4b9454da42b9263e9602b9919c5ae6104684
- Size
  
  627KB
- MD5
  
  36e91b40e20a163ac286b11ebfce0012
- SHA1
  
  4e9e67d22c5aa447c866960759aafd13587d4888
- SHA256
  
  a7a12f0dc9dc407d29a66722468c4b9454da42b9263e9602b9919c5ae6104684
- SHA512
  
  0b47ebc5b49c00554f1b1cb395176b7f49ee902ed019dcd6256b07db760931d668d729ac1a4d43086b745205dd2e45167ead2aadb584845858769f51aad2c630
- SSDEEP
  
  12288:qMriy90sni1MRJb5Vxc4sSz0w1eOuUN7X4W6ugUXwkP+/Nw4j9hxW8GwBheOdx3x:0yMkJHrsSIwEOuUNiugUXwkaNwM9hk8v
Score

10^/10

mystic redline lutyr infostealer persistence stealer
- Detect Mystic stealer payload
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral13
- Target
  
  b0d808b1dd08c984f7606f4b339e130b91813e728fdf49bb361e421666de7feb
- Size
  
  324KB
- MD5
  
  5131d28e276833de5aa55e178e6f4e42
- SHA1
  
  548839ad6802c0d916624e7742b7fbd0aa20409d
- SHA256
  
  b0d808b1dd08c984f7606f4b339e130b91813e728fdf49bb361e421666de7feb
- SHA512
  
  d8388a0b929adc320a5e16e6cf30e239dafb89d30f26d19fd6baae46259d5175742bf0cdd089b1118d628b3203bc23fe378489f4bbb134ab3aa3617775f9b08e
- SSDEEP
  
  6144:KMy+bnr+op0yN90QEGWh18/ChgSJkT0rVo/dioAuagXgzrcY8:MMrEy90g2186vk4BK39ZQvcY8
Score

10^/10

healer redline vasha dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral14
- Target
  
  b12350798c654ae949a005844c65ef16d136ad08598227c8041fe8bb48e6dcbd
- Size
  
  465KB
- MD5
  
  5c67808b656205321897724516b25c6a
- SHA1
  
  3e940a5fea71a3c510eabaebfc346b6cede331f8
- SHA256
  
  b12350798c654ae949a005844c65ef16d136ad08598227c8041fe8bb48e6dcbd
- SHA512
  
  656aa047c084f5b81903ee4ef2e8e87c0d557218fefd4c84e9e2aecffba9a7147a89a97b5f954e24dd07643749ea63c04ae4c326baa1298e7d0a635c44a0c8c7
- SSDEEP
  
  12288:YMrOy90fn0NKjKQhHA1SFyw64y2DTM+q4:WyPoK4gm64y200
Score

10^/10

healer redline buben dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral15
- Target
  
  e267ce7005abcc25524e9395554aeb50630246fae2d26c6832285538cac766a3
- Size
  
  657KB
- MD5
  
  4ca1ea735e9998270a86f8053fc38e42
- SHA1
  
  1d72eb587bb77853daf9b6a186debcd515d207cd
- SHA256
  
  e267ce7005abcc25524e9395554aeb50630246fae2d26c6832285538cac766a3
- SHA512
  
  1cb1f727a9a9d16e684aa60e9834b42da72327d2a767955fe37f8511ecac8ecc6e100a5eb3e1e7c8891dc6e309d7ad223cfb86f5e221bd0baad1a16fb8b4438f
- SSDEEP
  
  12288:nMrmy90laJQJdJOMY3QrBPBT0odoug0bHAYxCf/EligsQiY:RyBCfJOMYWBPB7muVbgYxCDY
Score

10^/10

mystic redline virad infostealer persistence stealer
- Detect Mystic stealer payload
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral16
- Target
  
  ec317a24ef2ba5bee688aaad8667b8e438ce19cc1b84eb2972099c8e95eebba3
- Size
  
  662KB
- MD5
  
  6980000f944887fce276684c7c66bb01
- SHA1
  
  06f4e14cdb875469c215c71254463165c1b6eba5
- SHA256
  
  ec317a24ef2ba5bee688aaad8667b8e438ce19cc1b84eb2972099c8e95eebba3
- SHA512
  
  1ba6a235f6caee47200cd99aa3952b76dae9f5024e1349e2fcc0310ce8eed2eec495435e245535542d100dac69962517accec22e3f1893eee3889cc0520cf052
- SSDEEP
  
  12288:WMruy90fRdPF1+2uJQbMt2mSXrYxZIEjxzIDAUZFAIVvyBWp/cRGEnXox:syEPPP8t2NeZVGbZFnVT/cU7
Score

10^/10

mystic redline virad infostealer persistence stealer
- Detect Mystic stealer payload
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral17
- Target
  
  f0dcb286edd11d6940d1a6019389bb64a1dd0d5f45b9d086f976170c1c151532
- Size
  
  632KB
- MD5
  
  70cde4431c748a02ed9e6ed7ea19498f
- SHA1
  
  cb0638996cea6fcf6830f09b0936d92629d8b8f8
- SHA256
  
  f0dcb286edd11d6940d1a6019389bb64a1dd0d5f45b9d086f976170c1c151532
- SHA512
  
  5115a25020d2c5ccc8595eddaeb7df9f3df85bbe04ffc9b3ef7a5699d07fe2c124ca7d31eb1a956c6deb306b980a5921131f341547d1bae58f2d641c1a4fe06e
- SSDEEP
  
  12288:2Mrvy90AJpi54h/bwTz8z0fyx+3BYkL53D6QhpkNdITaYdom8r2vgZWZri:JyDJceb4AIfyxS+YywTGmRkEi
Score

10^/10

mystic redline jokes infostealer persistence stealer
- Detect Mystic stealer payload
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral18
- Target
  
  fb618de176f20e02e8f9667fd9ce9737e7d541243fbb879127b2f1728ea15019
- Size
  
  649KB
- MD5
  
  8f5a80f4aee9459c4c228b1efcf8dc0d
- SHA1
  
  dfc8371c59dac97dd00bff885bee72003807d1dc
- SHA256
  
  fb618de176f20e02e8f9667fd9ce9737e7d541243fbb879127b2f1728ea15019
- SHA512
  
  88e2ec8d299fe08f773045259a378cf776382fd56e989fdc8ddb5113327aa15b8c4b88c1d15b31a8d42530e366412d34e98e8a5cd106310cdd4abb24b8bcb324
- SSDEEP
  
  12288:wMrzy90UAJ0lQk/aDACA0ZuFHmci4roooSdZH+k4FvbKSoggLB1PUNcO:Ty4D8a830cFzrlXdZek4FdNgLB1cl
Score

10^/10

mystic redline virad infostealer persistence stealer
- Detect Mystic stealer payload
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral19
- Target
  
  fe8bcd4eb9f9d50df43b88607e258c6ee1911bf0d1e6c2d4c67dd6a260684820
- Size
  
  1.6MB
- MD5
  
  a2298690a5e88cedce3ecba10e3bc84f
- SHA1
  
  801ceb0094c01b732486d8948ecdff9c745f0013
- SHA256
  
  fe8bcd4eb9f9d50df43b88607e258c6ee1911bf0d1e6c2d4c67dd6a260684820
- SHA512
  
  debb36a3933475d4d51ffcb2e7f8ca3adbdb7c441119c641119e095332ccfb758393478f733e1decb6c95835f0b3698bd1e274c8ee869205bd06fe7fd1bbdc7f
- SSDEEP
  
  24576:8y7oLYEudNUYC+j0M/mTmfSrIAhUaSaiKpAOcBsIxnKLaOboUZ0PP+f:rMLYdd5j34mf8UNaicAOGt3O8UaX
Score

10^/10

mystic redline gigant infostealer persistence stealer
- Detect Mystic stealer payload
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral20

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Targets

Detect Mystic stealer payload

Mystic

RedLine

RedLine payload

Executes dropped EXE

Adds Run key to start application

Detect Mystic stealer payload

Modifies Windows Defender Real-time Protection settings

Mystic

RedLine

RedLine payload

SmokeLoader

Executes dropped EXE

Windows security modification

Adds Run key to start application

Suspicious use of SetThreadContext

Detect Mystic stealer payload

Mystic

RedLine

RedLine payload

Executes dropped EXE

Adds Run key to start application

Suspicious use of SetThreadContext

Detects Healer an antivirus disabler dropper

Modifies Windows Defender Real-time Protection settings

RedLine

RedLine payload

Executes dropped EXE

Adds Run key to start application

Suspicious use of SetThreadContext

Detect Mystic stealer payload

Mystic

RedLine

RedLine payload

Executes dropped EXE

Adds Run key to start application

Detects Healer an antivirus disabler dropper

Healer

Modifies Windows Defender Real-time Protection settings

RedLine

RedLine payload

Executes dropped EXE

Adds Run key to start application

Suspicious use of SetThreadContext

Detect Mystic stealer payload

Mystic

RedLine

RedLine payload

Executes dropped EXE

Adds Run key to start application

Suspicious use of SetThreadContext

Detects Healer an antivirus disabler dropper

Healer

Modifies Windows Defender Real-time Protection settings

RedLine

RedLine payload

Executes dropped EXE

Adds Run key to start application

Suspicious use of SetThreadContext

Detect Mystic stealer payload

Modifies Windows Defender Real-time Protection settings

Mystic

Executes dropped EXE

Windows security modification

Adds Run key to start application

Suspicious use of SetThreadContext

Detect Mystic stealer payload

Mystic