Analysis
-
max time kernel
148s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
23-05-2024 18:30
General
-
Target
2acc7bf3a0c9793fa35ddb267e569c575a7a142b0722a61a3c49c2e87e994477.exe
-
Size
947KB
-
MD5
e05b77f28bbe24dd2444a611884b0122
-
SHA1
7bd1124270c5e41e1ae2a31df6140196d57b929b
-
SHA256
2acc7bf3a0c9793fa35ddb267e569c575a7a142b0722a61a3c49c2e87e994477
-
SHA512
0253d333d18904eb2276b4e7408f85b4cdb1804dd1871a86d89749976cd747c4949fdf3938fd9d2faaf377c95475cd345a8c03b8c32234db5b468618dafef3f3
-
SSDEEP
24576:vyMfK22g+/ZdlEnzrsdVEeAWaWYvGJwLJxD5yVoYtrh:6AKuodksvJAEYvVLvBEr
Malware Config
Extracted
redline
kukish
77.91.124.55:19071
Signatures
-
Detect Mystic stealer payload 1 IoCs
-
Mystic
Mystic is an infostealer written in C++.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload 2 IoCs
-
Executes dropped EXE 4 IoCs
-
Adds Run key to start application 2 TTPs 3 IoCs
-
Suspicious use of WriteProcessMemory 12 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2acc7bf3a0c9793fa35ddb267e569c575a7a142b0722a61a3c49c2e87e994477.exe"C:\Users\Admin\AppData\Local\Temp\2acc7bf3a0c9793fa35ddb267e569c575a7a142b0722a61a3c49c2e87e994477.exe"1⤵
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\EK8Ln6Oc.exeC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\EK8Ln6Oc.exe2⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Iu2ud1tf.exeC:\Users\Admin\AppData\Local\Temp\IXP001.TMP\Iu2ud1tf.exe3⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1nj40FT8.exeC:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1nj40FT8.exe4⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2EI106sy.exeC:\Users\Admin\AppData\Local\Temp\IXP002.TMP\2EI106sy.exe4⤵
- Executes dropped EXE
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
514KB
MD5dee3953a410f4b4e04703a39ed307d18
SHA140ff962e3dd6afacc5b7c14b5efcee0068da1f03
SHA25651c8506ab572f3dc38c3661c81aa866ed837cdc859801a29633cb999f9dd704d
SHA512cd28bf9822a8774c0a23de4ecfc061867f4e228085539d2cba8abf63197b393c9ed03f4ac791ca993068276cff4831d705f73addb59a4f57ec994572b12401ad
-
Filesize
319KB
MD5d52f7382a5bd101ebb6463a58259ac0e
SHA14fa6ea729f550b3086c05a985c654e8c8bbcdcb9
SHA2561f900077cde1d7a22164f90d6f130deb6afcf3215e71539d991da174ffdbd4a8
SHA512afe0797ecdc33e811f334c4db2bbd603b3f2b56d3ec6d289ccd44dd2a37b1ef2dbc3a04e67101665b662abb3e05aaf3cb0a4286cc31807ab0e0c88234f461177
-
Filesize
180KB
MD53f305144feb3040cf41b216841537ec2
SHA1ae9066cc3b40be6250e7e6a90bcc2de160067b84
SHA25689fec546032f1fc58fb08e79ab626d7e2401a5958b81a928ab5e0c1540e180b1
SHA512ca3993ad5d0a376809e304a49eaf81c8ba3ecbe40e7085573698b1870291034f9bbfdec552b640b32d92b2f0b359f33c40f694f401abaf81d70ab7a6484a798e
-
Filesize
222KB
MD5f4e8f0717d0388ffeba318525e5ef9cd
SHA15e8b736ae4d9944234eb2323f5f77f64112e4065
SHA2566d9ecf8bcf82718e063a7ac202cfe095d350947188404552ce397b1933afc9d7
SHA5121906c8570779fda1d7e1fe7b99550aaaed92b206988a7bea0c2675211457c36f882d319e665b8b8851fb1165ea8106179a6a1df8c50922d92410ad9b348f7233
-
Filesize
248KB
-
Filesize
5.6MB
-
Filesize
584KB
-
Filesize
40KB
-
Filesize
6.1MB
-
Filesize
1.0MB
-
Filesize
72KB
-
Filesize
240KB
-
Filesize
304KB