healer

Sharing

General

Target

r.zip
Size

14.4MB
Sample

240523-vysrraad3z
MD5

6f83c4ebe0bb24f681ad5c7e2a155cad
SHA1

178157aed7d0aacb3f7cc48873082734ad741428
SHA256

8ee265740e734e664a806025412118c1398e5fd5de8de7844c913c144f497faa
SHA512

629df1870d2f380d24ae4978470b049b33ab86af8c56c07b67d8d07374116ffaf499384b05ef29cb0352e121b9677d2129951557df36d49db086b109c2342ec8
SSDEEP

393216:JKeHj/FbbiUDji+5qwRW+t2zcuvGMkl8ZeRU2DPwDo:XjJioi4evGM/sUoPwDo

Score

10^/10

Malware Config

Extracted

Family

redline

Botnet

moner

77.91.124.82:19071

Attributes

auth_value
a94cd9e01643e1945b296c28a2f28707

Extracted

Family

redline

Botnet

mrak

77.91.124.82:19071

Attributes

auth_value
7d9a335ab5dfd42d374867c96fe25302

Extracted

Family

redline

Botnet

lutyr

77.91.124.55:19071

Extracted

Family

redline

Botnet

gigant

77.91.124.55:19071

Extracted

Family

redline

Botnet

virad

77.91.124.82:19071

Attributes

auth_value
434dd63619ca8bbf10125913fb40ca28

Extracted

Family

redline

Botnet

frant

77.91.124.55:19071

Extracted

Family

redline

Botnet

narik

77.91.124.82:19071

Attributes

auth_value
07924f5ef90576eb64faea857b8ba3e5

Extracted

Family

redline

Botnet

buben

77.91.124.82:19071

Attributes

auth_value
c62fa04aa45f5b78f62d2c21fcbefdec

Targets

- Target
  
  196993766d9fd8e527e04ab6a57e61f104a8d6b651d9eff81ea121f7261d88e4
- Size
  
  306KB
- MD5
  
  a4a729b09f4a75c3ac51a91a765bd930
- SHA1
  
  469db840ba4fa1fb157a3496ffb8168da4c73828
- SHA256
  
  196993766d9fd8e527e04ab6a57e61f104a8d6b651d9eff81ea121f7261d88e4
- SHA512
  
  112ed4cfeb28712ba6775c76a538b83b245e0c0b8b89d6f28b48a14ba5672c6ebf69f01ef534c26556ab59338944f2d4f583cabfdd958f9e43ac6988db6937f5
- SSDEEP
  
  6144:KOy+bnr+Fp0yN90QEQlN+1JQVAkMtjQj1zVV9QtDip:iMrty902lNEJQBMt4Vu6
Score

10^/10

healer redline moner dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1
- Target
  
  2cb02eeff015b5724c548dcd8876db39d785c6beedf358fa6fa4dc6934541b07
- Size
  
  314KB
- MD5
  
  4a86b917c2b2e25bf293987f19436e82
- SHA1
  
  4e024cf472489624f2f82e2ecb3b5aa706f4580b
- SHA256
  
  2cb02eeff015b5724c548dcd8876db39d785c6beedf358fa6fa4dc6934541b07
- SHA512
  
  89deb12f678ee4d3dedf7656e20bd869a936b626b9c25f60c9c0a2d4143c233620f34e850fb815e2c31322dcd01661b33c566f162be9ef7113a99bcdee8cd7b8
- SSDEEP
  
  6144:Kgy+bnr+Zp0yN90QEWkaDhVcb1scBy8U1OZNoM5dhu:wMrhy90054b1scAAZxu
Score

10^/10

healer redline virad dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral2
- Target
  
  515ca9dbb061a01c8da21c552a76dd53c58fa94f5421a2b5792e2e37137ab470
- Size
  
  1.0MB
- MD5
  
  bd7ad2e2ad434827a8fd3915ae015b09
- SHA1
  
  77ac094e9c4cf9e705fc48600903dfb87aa03861
- SHA256
  
  515ca9dbb061a01c8da21c552a76dd53c58fa94f5421a2b5792e2e37137ab470
- SHA512
  
  0a96a53a9ade93ae9339d03f746dfc76982be6bda99f4e1e7363c319d846c3ae0fd24a599cc03ca21bba7a2f6003d1553d92831b8cc76f878a5fc6b0ddb6e167
- SSDEEP
  
  24576:iy85RKOIjbKQM9fsA6rYsswJi4KxkdmagQ8Y4EjfJ:J8WB890vF5ukcdxYPj
Score

10^/10

mystic redline narik evasion infostealer persistence stealer trojan
- Detect Mystic stealer payload
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral3
- Target
  
  637e68df5f54ed9e5e7de1cee4157ff3be2efe7d01c49ab8ce67a2dcefb470fc
- Size
  
  937KB
- MD5
  
  341be5311fd3e445027b944c6cd4adb0
- SHA1
  
  2ab8fbbcb9c37d9a6419b35933bbe2fe66562bae
- SHA256
  
  637e68df5f54ed9e5e7de1cee4157ff3be2efe7d01c49ab8ce67a2dcefb470fc
- SHA512
  
  ede31ca7a634e39a45fcb8eab771fef2e8fe9628f92e4cd223fad8eab92e04e0db876e23368ed903acdd0d6020eb901990ccbe3a61b54b8a678f98e2ab48c07a
- SSDEEP
  
  12288:ZMrGy90ZFPeq0D7LLDORdNwOQ/fftX8C6mpcNKNN6chuXfuG4oQTlm6BVOpK53o:7y4eq0fn6zNwO6R6SN6co2GwlmZpQ3o
Score

10^/10

mystic redline lutyr infostealer persistence stealer
- Detect Mystic stealer payload
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral4
- Target
  
  67adfef0180eabce1681648e2c46c32d12d6f42f83d1e0f23337cb248ea7503f
- Size
  
  598KB
- MD5
  
  1598f837f169b3d98c236d9ead3fa842
- SHA1
  
  c4ecc836b0daf3fad7556e4e2e8e218cd2306f7c
- SHA256
  
  67adfef0180eabce1681648e2c46c32d12d6f42f83d1e0f23337cb248ea7503f
- SHA512
  
  3eb450ca3165f9f36693e84e414da703da9e9320be967096d47ea11ecb6389ec8bd6421709d84c85f852591fad55ee2f47fbfe6044195e8d7beb933565664c38
- SSDEEP
  
  12288:wMr0y90gun5B6oTBtLfzNNBlRyQzSxJGahdFm4Iv0eQ4s:UyyB6oTHLZNAQOPGSdFTAQR
Score

10^/10

mystic evasion persistence stealer trojan
- Detect Mystic stealer payload
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral5
- Target
  
  753ea0d14181cbd10e784c6def975e1b2a0adae8cdb71930dececfc455cd59ee
- Size
  
  479KB
- MD5
  
  a4a68e09983abdde3e285e5412e70490
- SHA1
  
  fcec46e9661c30c0052f8c692dda6ee7d650ec42
- SHA256
  
  753ea0d14181cbd10e784c6def975e1b2a0adae8cdb71930dececfc455cd59ee
- SHA512
  
  36f8f14140638670c77984e91648b0adcdef45baef323ffa097c6e62443cf89eed0ceea8e5fd49383adecc77aee7defc3180e8128fb288a459eaed9c684bd9ef
- SSDEEP
  
  12288:TMrny90qC/ZEOjY0pO/LqG4cH+H8jJ9e:kyaZXZY/x4YJ4
Score

10^/10

healer redline virad dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral6
- Target
  
  75a099d51b4f58a6df537c770b8d75820445fa7798e533b8d2312b46e4d407a2
- Size
  
  884KB
- MD5
  
  9bd46d04ccf0e58049a11dd8b0e252e3
- SHA1
  
  1700b577b164ed8ae5f4c91797eff3a164cd4600
- SHA256
  
  75a099d51b4f58a6df537c770b8d75820445fa7798e533b8d2312b46e4d407a2
- SHA512
  
  a2cb32897e38fb1ac0df517293ebf4e5cfa3ccdd09a3ba19a04813c1b522553befd2e24009463dd22b6aefe76e17d10b7eda4b3fc9d1d946c584660da32b8a1d
- SSDEEP
  
  24576:kyy9dSb2i36Gg8cW1B3wGWh2NkhWPKMwDIA7LqtR:zyfS/qGg8c+wGvoWiMwVyt
Score

10^/10

mystic redline gigant infostealer persistence stealer
- Detect Mystic stealer payload
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral7
- Target
  
  7bc60a53f2e41fbf75340717de9ffcc9b6fd784a5d53c6179c11edf693435461
- Size
  
  417KB
- MD5
  
  b3e27bc42c0d400f58083d243e52976b
- SHA1
  
  dfb89f92eaf181b6e424c0752c4a50edb99eb6bf
- SHA256
  
  7bc60a53f2e41fbf75340717de9ffcc9b6fd784a5d53c6179c11edf693435461
- SHA512
  
  43cdcf38bc097faf2979f7d080aa701b332ada3db6b24720b60c357cf1dc5125517ddd22a55774cada98be57b309a32d6e77fa3b35e536444585943cae5a66f1
- SSDEEP
  
  6144:K0y+bnr+Gp0yN90QEx6uFCuzf8i/mEPtm+aiGEaC9c2fWNU1:wMrGy90bjCuLl/mEVm1iVrTQK
Score

10^/10

mystic redline gigant infostealer persistence stealer
- Detect Mystic stealer payload
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral8
- Target
  
  878c11674c0d8a2d45512540cc40d386c9d9226a6518be88109168224c8be159
- Size
  
  684KB
- MD5
  
  c0e22770f7c2e9dfc4556c481bd60236
- SHA1
  
  d29db9fb6a35942ffeec3e263000b3d239f6250b
- SHA256
  
  878c11674c0d8a2d45512540cc40d386c9d9226a6518be88109168224c8be159
- SHA512
  
  ea276c2faf5ff9ef7e199dfee7efe16cd443df3bc4f5b471cce67a13bd122c8690e78bbdd6bf4ea8739465782b626b821413b9891e446be1988fadfb249846f1
- SSDEEP
  
  12288:KMrAy90VVPvKRok2+cz6hWtiK1gOVie2lJ6Zi7G0c+973sauRd:eyCUpdthWMKGDj9rs3Rd
Score

10^/10

redline buben infostealer persistence
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral9
- Target
  
  905a82b6666de3b294cd219ea3915e2e4b0952c88e92f3c21b67df4b93990103
- Size
  
  661KB
- MD5
  
  18d7fd980598cc8e0a453d540624bb38
- SHA1
  
  9d7b7e90c579473861abed6203bb022416b124bd
- SHA256
  
  905a82b6666de3b294cd219ea3915e2e4b0952c88e92f3c21b67df4b93990103
- SHA512
  
  05f04f5b18d30a8ac8fa39b0547bf828e4e1e31f07b791e8f0269d351d7951cae9ce06ecee597d2c694cc5a9822f27429096707cd976c3e807c9f0046bf62dcb
- SSDEEP
  
  12288:LMrvy90ZikgBzlsz1BvNreTx80Nc8WIzhl5rJlSPUi51saqHl80mc:sy47Wq1BFCBNcvIzhLJlRFT
Score

10^/10

healer redline mrak dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral10
- Target
  
  9e0acffebc0952db0a6deca20d7da7842752e7b62fdf17c5a6132cbd82a85fef
- Size
  
  1.2MB
- MD5
  
  8062d3af8d126f153a6f8d5203972b4b
- SHA1
  
  fcaf218814d45ed77751ff21057ad3bca5c6f485
- SHA256
  
  9e0acffebc0952db0a6deca20d7da7842752e7b62fdf17c5a6132cbd82a85fef
- SHA512
  
  b5ee77a25aee48c11c645996f7b7faecdf168e979b5d76afd1093ae28deaa35a01c7db398155f13da6ae757cf05c536688a081ca8e07c332fb7c646b8a8a2f33
- SSDEEP
  
  24576:zytYpZ9ztKtIUClvanandVVGNLCgLnKPgLbdj6u5eBrEsaDrR:GepHxVkoTVqLC0KPMdj6wcrEHr
Score

10^/10

mystic redline lutyr infostealer persistence stealer
- Detect Mystic stealer payload
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral11
- Target
  
  9e61b06119f566b9fb98b46bbce9cb6e128f7a58de8e4266a2867a96d521f2c5
- Size
  
  417KB
- MD5
  
  7a7af164895d79447e8d7884dae6aa33
- SHA1
  
  14307fa0f232f9827f661e1ea9c225564f57a55b
- SHA256
  
  9e61b06119f566b9fb98b46bbce9cb6e128f7a58de8e4266a2867a96d521f2c5
- SHA512
  
  0741de51985426d842008c009f22f4ccebbf6484ef5a84d414ddf533ae322bdd9ff9791476815591976cd893313aca7f28930c349af1610f50fd76352ad24cd6
- SSDEEP
  
  6144:KCy+bnr+ep0yN90QEl6uFCuzf8i/mEPtm+aiGEaC9c2fLsUf:eMrOy907jCuLl/mEVm1iVrTA8
Score

10^/10

mystic redline gigant infostealer persistence stealer
- Detect Mystic stealer payload
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral12
- Target
  
  a8e7ed480b5dfd7831f86d676442a11db9686f0cd83ee01f32b92a8a254080c2
- Size
  
  662KB
- MD5
  
  3c76463882acf1f21c4d32614a46e7ad
- SHA1
  
  01d8b7281d354b880b8902783bf3cb25e80074a9
- SHA256
  
  a8e7ed480b5dfd7831f86d676442a11db9686f0cd83ee01f32b92a8a254080c2
- SHA512
  
  dd03ce78824fd9918089bd634eccb8bf08f3027178c5de1046b26ada1829363748eb7fa2f3ab1ad158fb81af0f98a28cfb161240b3a039bc2c1f67701ab7d98e
- SSDEEP
  
  12288:zMruy90uudQWRQ9qyhmeEuVK35vFl9vjVxBy5lraSTkR:NyrudagTPptRDy5lM
Score

10^/10

mystic redline virad infostealer persistence stealer
- Detect Mystic stealer payload
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral13
- Target
  
  b55e0e5824f9aed804ccff228c21b9dc48e15fc3f7da5286a514ea94193f15a8
- Size
  
  1.6MB
- MD5
  
  910d8cb1b127b0f7bea2eb47a939c260
- SHA1
  
  1143362d66c21434412eea597e464e4f154dd205
- SHA256
  
  b55e0e5824f9aed804ccff228c21b9dc48e15fc3f7da5286a514ea94193f15a8
- SHA512
  
  77719c68bc8889bbc029a37278de643b531dfb207cee720a8d3f926fd209f5397a09f477c7f9e4995ce4b54315b321530adcd227bfc729b41222ce7e483f5d2e
- SSDEEP
  
  24576:ZyFiu4btkJLleIxFYm5MYiGw6u+nFP+D1uLiUOht2MIlD0gNtLct1FqEa9MfR3nj:Mk7Qv5MYNn5mULiUqJ2DMtRR/VP
Score

10^/10

mystic redline gigant infostealer persistence stealer
- Detect Mystic stealer payload
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral14
- Target
  
  b6f3ae7c8039baa6291649906002be6daa14265e311c369866980f296919acfd
- Size
  
  650KB
- MD5
  
  018a19df0d0740ed6ffb1e10b0e721fa
- SHA1
  
  74914be9ad7d256ed0acfd5f85012e47b38a17a8
- SHA256
  
  b6f3ae7c8039baa6291649906002be6daa14265e311c369866980f296919acfd
- SHA512
  
  3863e8e6d6c1acaa68d20fa21fc6730fdf3a591641b7ab256b00aedbf86159f54bd8df611fb93d72241253b624460c4f214f715ce6c33abb29f5cbd5311e485d
- SSDEEP
  
  12288:KMr9y90fh84/H+q4teQYErUVY4Y5Er3st79pQG7g0yCK:Pyih8xtuEeY4YmW7DQ+g0yCK
Score

10^/10

mystic redline virad infostealer persistence stealer
- Detect Mystic stealer payload
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral15
- Target
  
  c3d6d3e893fd99f013083ef64a70f3ab8cfdb8848fd2fccbb6d2844033a3f4ba
- Size
  
  1.1MB
- MD5
  
  8ec38c41e6d2ffa92d8f5b7a76ad37d6
- SHA1
  
  de4dab60f8d40b83943d8e8fdd655d30fa6e4a52
- SHA256
  
  c3d6d3e893fd99f013083ef64a70f3ab8cfdb8848fd2fccbb6d2844033a3f4ba
- SHA512
  
  44dc047c4cb9e0546a656bf229c1497a576caa5930d2251d2850f52c431779488da68420f0ec70c47d932cc20c5c2488113b26fd12f25b172d23562d7d14cb82
- SSDEEP
  
  24576:PyVTMDEu8I7wasY9V2aAHYeNMESJ59kmTqMn3EJiRiN:a6EuXwO+a9eNMP59Tfn3+Oi
Score

10^/10

mystic redline smokeloader frant backdoor evasion infostealer persistence stealer trojan
- Detect Mystic stealer payload
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral16
- Target
  
  d68f556e867c0edd6db1857c4fa9aa2c6410b74fde30d6438fe50ffcf382e413
- Size
  
  696KB
- MD5
  
  f232436d2ef0be5f59e459815d69f1e4
- SHA1
  
  6fa65d936facf2185bba69c0e1ffcc0c0685bd2a
- SHA256
  
  d68f556e867c0edd6db1857c4fa9aa2c6410b74fde30d6438fe50ffcf382e413
- SHA512
  
  a97de673347ab08539669585b3bf0467395efddfe186b2a03cced3897633f328b2ef3bc339a2da424d4b5001a4e193055071461d98f562c8185740b586241a15
- SSDEEP
  
  12288:MMrEy900G/Ur2wB+94JohzTabXD7zz1PHlrdMKF192w7DmFMpTBybonpn+fO:IyA/a2wQkczuBPHvT17Dmyltf
Score

10^/10

mystic smokeloader backdoor evasion persistence stealer trojan
- Detect Mystic stealer payload
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral17
- Target
  
  f67e1f80fbd3845a74490559e6a9ca3526fb093df5cd3852b6de4cd319d401aa
- Size
  
  436KB
- MD5
  
  b1ac7cddf0f985171d0fd148bf73e670
- SHA1
  
  50479cd60c83cf2122e684c2a9101bf2c5eb078f
- SHA256
  
  f67e1f80fbd3845a74490559e6a9ca3526fb093df5cd3852b6de4cd319d401aa
- SHA512
  
  e183110c84c7a522df038a0f99cf3de38e043e54c775021c81c12c3d8bccb8693c6eb74c2e33b559884f58dfd712a147b4288f1694482939534700c32e6aab18
- SSDEEP
  
  12288:iMrHy90klxjEN9p8Howy1c/I4Myz1UOn4Uw:tyflxYzeIwhBj1Ln4Uw
Score

10^/10

mystic redline lutyr infostealer persistence stealer
- Detect Mystic stealer payload
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral18
- Target
  
  fb8a184cade7544ea1ec897b679edff542000cf31934900525f12e02f85eb9cb
- Size
  
  1.2MB
- MD5
  
  9e0a65a6354df7e961d797ff850db432
- SHA1
  
  6760ff14c6890d975c5ffb5a2cb8b6f3300ed115
- SHA256
  
  fb8a184cade7544ea1ec897b679edff542000cf31934900525f12e02f85eb9cb
- SHA512
  
  b90ae16f118333db8081b8921138425a6dfd29785c1b9ae884f590a12281d99a255b0ec3abb275ae9ec27468a07ab7393762b4edd6e32f5dcb9e608bf1f4eafb
- SSDEEP
  
  24576:fyMGHOJwixm0Y3ELv66HZJxHzSd6T05Efj4Rx891fFOn2bt6Anu:qjHuZY3EWEZfSd00u4qNOnYtNn
Score

10^/10

mystic redline gigant infostealer persistence stealer
- Detect Mystic stealer payload
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral19
- Target
  
  fe5b99ae2f24a02b6eb25016c9736c313a779f9de26ca9e883482b8075830bbb
- Size
  
  1.2MB
- MD5
  
  6166d64607711c5c13d3e34594f2c922
- SHA1
  
  5d2d910948e64bfe6e643a7d28f3d584ecd0f892
- SHA256
  
  fe5b99ae2f24a02b6eb25016c9736c313a779f9de26ca9e883482b8075830bbb
- SHA512
  
  841e8cb00184591e680a67abd5e68999ea4f14659d61775ad4195586e2f051b039837241562f28985bbcd0ef59e5faf7f17cf1c46421ca43af78616b1e3779c1
- SSDEEP
  
  24576:tyn6vnWcU7F6V27AD+iul7uBdfm+lQNn2oL4b9/xFh5PQHhCe:IwnsFE27Wk6BdufrL89JZIHs
Score

10^/10

mystic redline gigant infostealer persistence stealer
- Detect Mystic stealer payload
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral20

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Targets

Detects Healer an antivirus disabler dropper

Modifies Windows Defender Real-time Protection settings

RedLine

RedLine payload

Executes dropped EXE

Adds Run key to start application

Suspicious use of SetThreadContext

Detects Healer an antivirus disabler dropper

Healer

Modifies Windows Defender Real-time Protection settings

RedLine

RedLine payload

Executes dropped EXE

Adds Run key to start application

Suspicious use of SetThreadContext

Detect Mystic stealer payload

Modifies Windows Defender Real-time Protection settings

Mystic

RedLine

RedLine payload

Executes dropped EXE

Windows security modification

Adds Run key to start application

Detect Mystic stealer payload

Mystic

RedLine

RedLine payload

Executes dropped EXE

Adds Run key to start application

Suspicious use of SetThreadContext

Detect Mystic stealer payload

Modifies Windows Defender Real-time Protection settings

Mystic

Executes dropped EXE

Windows security modification

Adds Run key to start application

Suspicious use of SetThreadContext

Detects Healer an antivirus disabler dropper

Healer

Modifies Windows Defender Real-time Protection settings

RedLine

RedLine payload

Executes dropped EXE

Adds Run key to start application

Suspicious use of SetThreadContext

Detect Mystic stealer payload

Mystic

RedLine

RedLine payload

Executes dropped EXE

Adds Run key to start application

Suspicious use of SetThreadContext

Detect Mystic stealer payload

Mystic

RedLine

RedLine payload

Executes dropped EXE

Adds Run key to start application

Suspicious use of SetThreadContext

RedLine

RedLine payload

Executes dropped EXE

Adds Run key to start application

Detects Healer an antivirus disabler dropper

Healer

Modifies Windows Defender Real-time Protection settings

RedLine