General
-
Target
r.zip
-
Size
17.3MB
-
Sample
240523-wawzyaag8x
-
MD5
5252fcdc274da08a632ecfdac8f8d15f
-
SHA1
a78a8df21ca9e102dab7ac2679a30e9ba47b07fc
-
SHA256
47889c48da4c5e390f10c04d8390b2c5d9f68bec127bf0e18bbe686b9079b922
-
SHA512
010d6f3c48d7255d0faa62f119c416d14d26f55878a5e32f7679e894c9f8f9766c3e869973507d560dace4c091fa2364498303e88a782aec7e31015c1772aa9e
-
SSDEEP
393216:iN6eTEaMSJXlFJICSN8THRr97rZilX6blh1MWrLTnXGgPEqo:IWSrn5SY7rCX6blBHrGeo
Malware Config
Extracted
redline
gigant
77.91.124.55:19071
Extracted
redline
frant
77.91.124.55:19071
Extracted
redline
magia
77.91.124.55:19071
Extracted
redline
lutyr
77.91.124.55:19071
Extracted
amadey
3.89
04d170
http://77.91.124.1
-
install_dir
fefffe8cea
-
install_file
explothe.exe
-
strings_key
36a96139c1118a354edf72b1080d4b2f
-
url_paths
/theme/index.php
Extracted
amadey
3.89
daf753
http://77.91.68.78
-
install_dir
cb378487cf
-
install_file
legota.exe
-
strings_key
f3785cbeef2013b6724eed349fd316ba
-
url_paths
/help/index.php
Extracted
redline
buben
77.91.124.82:19071
-
auth_value
c62fa04aa45f5b78f62d2c21fcbefdec
Extracted
redline
kukish
77.91.124.55:19071
Extracted
redline
kendo
77.91.124.82:19071
-
auth_value
5a22a881561d49941415902859b51f14
Targets
-
-
Target
04a87b8f058d7530d2e2d860d9792e27ac4a33a3865644f618340a1614a011aa
-
Size
1.2MB
-
MD5
7b68089b89d04dd24d22a1332d87cf08
-
SHA1
66d956dadfe8dc098330dc3ec94a6a625c6a0462
-
SHA256
04a87b8f058d7530d2e2d860d9792e27ac4a33a3865644f618340a1614a011aa
-
SHA512
0c1e561ae6e3c4111379c19618bc871c9c12b27ea5d2ae50396682e433e8369a97577e1b5f5ee3816fd2f4dfe2d8f749261a19c4cc20d0c517edfb282b45b592
-
SSDEEP
24576:dyXzrx5oWmhku7V5d2FZ9+p3tthEEovRH3OIspEK:4XJ5oJhR0Ff+t3EEopeIw
Score10/10-
Detect Mystic stealer payload
-
Mystic
Mystic is an infostealer written in C++.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
114af5c13b66325340fcc0e38e22cb3c0a2f713ad1346010b0a9fc80f025e1fd
-
Size
884KB
-
MD5
855fcc3b4e6345267720d10a2c70bb2a
-
SHA1
2136ff618093894c720d287da6933cd9f971eb7b
-
SHA256
114af5c13b66325340fcc0e38e22cb3c0a2f713ad1346010b0a9fc80f025e1fd
-
SHA512
850c7c93d8566718d64807f7a3bdc75a42808b5fa939adc1876e14264402d2ed9af2edd72fe8c81b53fc4cde9717f18742d1e523e37d5e552bc58a5ae55a1b43
-
SSDEEP
12288:sMrPy90LSw11aIzsQWakywt2w/4+imJi1m+nhSKgICaY1gixnKGCwaz:zyPwAyjw/4+UM+nhSR/xdxKwaz
Score10/10-
Detect Mystic stealer payload
-
Mystic
Mystic is an infostealer written in C++.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
1e8dd381c7b2d8b87f2596a2bfbccc3c813d8571fdbe788e678c3a733a5cae01
-
Size
1.3MB
-
MD5
c49e3017e606c005354d432f3f881d03
-
SHA1
0389dd7d07aec776f09223ae287d5d033198fb9a
-
SHA256
1e8dd381c7b2d8b87f2596a2bfbccc3c813d8571fdbe788e678c3a733a5cae01
-
SHA512
bdddec1ea1bec3e6b005d654ed550a22eada8a0dc8e78525e670dde8724dfe5732c96a94cdbc7be48e49bd2f4311c456cf565b4a1776d541ff485dcb3a0e45af
-
SSDEEP
24576:1y9U9byiriRkjDd3xZWxghIP9tph2ar9EFKFQJTDPglgJk:QMLriRkjD/glVFj9EFKFQJi0
Score10/10-
Detect Mystic stealer payload
-
Mystic
Mystic is an infostealer written in C++.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
-
-
Target
22e22c4ac4de60508d13a9152534da8f1fe27d387785252b3e90c5daa1939eb8
-
Size
577KB
-
MD5
d58665fa7391568983d6aeb8c552d7e9
-
SHA1
eb08b9875d7b1768942186126e366e26390491a2
-
SHA256
22e22c4ac4de60508d13a9152534da8f1fe27d387785252b3e90c5daa1939eb8
-
SHA512
5e8122035acac6fae926a3a512ea677430c3f67dae62f8a093bb330963f3488be822171e0933c9664a485c5ac8e4e3fc54f74997fc0a7b3ab900fecc087b208e
-
SSDEEP
12288:ZMrVy90ojTaOad96qpnFWC4GRRwQKo388+pDSxzj1k:YyVO6qyCVmQApDSH1k
Score10/10-
Detect Mystic stealer payload
-
Mystic
Mystic is an infostealer written in C++.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
2539ef3c9ef568b60de04a70266f168cf5565fa88027d7d88812aed2417d527a
-
Size
696KB
-
MD5
d5ec309839dfeecd969b8130e5749026
-
SHA1
a98c8fcf74497f87b6554539ecfe827944173f1e
-
SHA256
2539ef3c9ef568b60de04a70266f168cf5565fa88027d7d88812aed2417d527a
-
SHA512
62621d7a1dcaec6d38821b675d253e1fcb3842f8681d5381891195347ab4f932dfe67662b77dc8565b04ab00c8757de19640964f6563523280e8c044b8a9b7cb
-
SSDEEP
12288:1Mrqy90mN/4HcEZACMRlEsnBc13cGdab7D7z717HlrdMDc1r2w7hxvqNSmjB8PYy:ryDJ4Hc8ACMPEE2z257HvSC7h7YXje
Score10/10-
Detect Mystic stealer payload
-
Modifies Windows Defender Real-time Protection settings
-
Mystic
Mystic is an infostealer written in C++.
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
28e3223b75032745af45a606afdbd1788365c7af9b20cc01d5892478c17d91cb
-
Size
928KB
-
MD5
e43fb0ba3f42cba89a4e9de789df3038
-
SHA1
755650aaa84f385009c339954364c6593b174f20
-
SHA256
28e3223b75032745af45a606afdbd1788365c7af9b20cc01d5892478c17d91cb
-
SHA512
5c42eccc3bd51d0bfbaa2c80feca9a8dba9e84cd7d153011b936aca2aa22aab21aaa473ac436ccb03fe05d6e4f089ee42bfe20ac78fbc61f6c19266c615aa518
-
SSDEEP
24576:Jy2jAwbwPPXDKN+xl43wd1Q21uhEn4WTzbD1yMT/uDwMM+:8wbgP+2Hd1QquhI4i5yMT/HMM
Score10/10-
Detect Mystic stealer payload
-
Mystic
Mystic is an infostealer written in C++.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
2a370f0b1b44ffdfd5105d8de5cdb127afee410219b503b0620c23343a163ad2
-
Size
1.6MB
-
MD5
e0e4c2b865f5df2405be278fe91af7a6
-
SHA1
20066b59c4fd65f7a3f91dcb7c1dd045fe455a93
-
SHA256
2a370f0b1b44ffdfd5105d8de5cdb127afee410219b503b0620c23343a163ad2
-
SHA512
294bfeef8bc4ab4c297a737a784d60bc430d98354daa8360e406db10d611f70b963f51e2773f2737885d2a820df1b98680d3931f3b0c2373a767987cf27cc1ad
-
SSDEEP
24576:tys9DSloF9Otjdj+PN0ydouRVcHMc876hfoVbrWO946HkD9FaWQ9sXlNQFlLCQ:IsdSiPMm6ydyMcg6g354yavad9GWl
Score10/10-
Detect Mystic stealer payload
-
Mystic
Mystic is an infostealer written in C++.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
312eee33696f223c1d77f63d4f4fa6692b492a19e1815f424ea276db2dfa312a
-
Size
1.1MB
-
MD5
c051fa3a44e8e46b51ed93f3be27b4bc
-
SHA1
187538cc7b95ad4c0d28ae9d079031502918b116
-
SHA256
312eee33696f223c1d77f63d4f4fa6692b492a19e1815f424ea276db2dfa312a
-
SHA512
8622434fd5e93a087d2957b071858ff6b34bd24ed251ac23c6fa672d1b7feeeba702eadbeea6b82e0523ad05ab55d4415b147c82099a1ce8edc45b5a94c6ff15
-
SSDEEP
24576:IyZlHWgpvHbRwWq9OIt5LMbILqM5kntjOpHK0q+4pTOM:PnFvHbGWq9OIt5Dhu1KCc
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
49fe85c527d85f575f10ffaacbea94923608dbe00ee181347f30f31686a10513
-
Size
1.2MB
-
MD5
36c41f38b00cc021774f16f386a792eb
-
SHA1
91c449b031fa7bbbcd320e3e0ad87b403faed296
-
SHA256
49fe85c527d85f575f10ffaacbea94923608dbe00ee181347f30f31686a10513
-
SHA512
032b5a66957ce300aa9efcb5f5975e75e3f1ac7c23a504d0df960a45acba0aaac388c519ff406da3c5c45d6afc18307a1a6b0f087f93d36544ed3d827236879a
-
SSDEEP
24576:6ynHGvOpkdL807eJprsEj/1gs9V+OMdpyZVR8lo2QSarsRd:BnHGmpkdLNeDsy1gs9V+OMGZVR8DKoR
Score10/10-
Detect Mystic stealer payload
-
Mystic
Mystic is an infostealer written in C++.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
5b3b69df98aea93f199289802070d29f0815829817936cfd60b3b627e0d20146
-
Size
417KB
-
MD5
e8488a26839a84e34ddb556f2da5c5ee
-
SHA1
dbb587ea77a992c310e912aea891e8c9910d129b
-
SHA256
5b3b69df98aea93f199289802070d29f0815829817936cfd60b3b627e0d20146
-
SHA512
16a139723b70a59570570c020bb6a0b715b597867f49fae1f71883b96c8da8e613be7da13de9be80ba8bc68dd0c3ddcee09f9ce6514bfa8327d6c981dccaac22
-
SSDEEP
6144:KVy+bnr+Mp0yN90QEf6uFCuzf8i/mEPtm+aiGEaC9c2f1+:/MrQy90VjCuLl/mEVm1iVrTo
Score10/10-
Detect Mystic stealer payload
-
Mystic
Mystic is an infostealer written in C++.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
73935ea9dd223123d7d2e2b97d297ba24e82bd39f8b4e6004027a7cc1b07ffcf
-
Size
747KB
-
MD5
c433de9c0a0f7a20b28cf2b91f09db49
-
SHA1
a428304a4fdde5954e04ad84e432857a9da0d4a8
-
SHA256
73935ea9dd223123d7d2e2b97d297ba24e82bd39f8b4e6004027a7cc1b07ffcf
-
SHA512
641050f74b611c3b566290f4f466ea08f26145a3956ac2881b131635151b60caa70e6406642beaa864b273d8e812d6bf9e0781bad15c57c0c076165bc9cfeda5
-
SSDEEP
12288:6MrAy90F1LOzr6fDc67Zi2XabPD7z01KHlrdM3w1p2w73S1C+OMg7N5t9e:WyWk+r7Zi2ayKHvGo73S1C+OMEfe
Score10/10-
Detect Mystic stealer payload
-
Modifies Windows Defender Real-time Protection settings
-
Mystic
Mystic is an infostealer written in C++.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
7afbfc55db219ad6f0335344f7e4d1119a281a9e98656ca51496a2ccedc75d35
-
Size
1020KB
-
MD5
c22be85e25cdfff5b49395163111b939
-
SHA1
ca927b4b317b9671899f23fb87acad746302abfb
-
SHA256
7afbfc55db219ad6f0335344f7e4d1119a281a9e98656ca51496a2ccedc75d35
-
SHA512
4d26b98249b0bb8fafc761cd8478ce610dba4acdc1e7a7ff5c390244fd32d94a7266b765c467604091bc7911c61f592a8b7666777ef1d2fcd7b0d8c0e35edf68
-
SSDEEP
24576:gysH7/U6YsGdqw8AkzzXSQ//aZJpdmmzlEoBNi8yRYr1:nsb/U6YsDw8bSGIpdm4lRy6
Score10/10-
Detect Mystic stealer payload
-
Modifies Windows Defender Real-time Protection settings
-
Mystic
Mystic is an infostealer written in C++.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
7b920ad0a6eced7be30fccab39067587eeb4a839174adbe7371d2a0ebb0206fd
-
Size
490KB
-
MD5
e0f4a803421ae7cf8f3ec6b79f4e6644
-
SHA1
879c5d1acd49dc1de7a5038961b6a176bd32be94
-
SHA256
7b920ad0a6eced7be30fccab39067587eeb4a839174adbe7371d2a0ebb0206fd
-
SHA512
a77d1a1f049c018be195de927b94de1465c0e51020232f5307d567ee994abac101208796e01d0bd4f7064c7d8d2bea2b9a73f8543dbacf4f878a9b8faa31ee83
-
SSDEEP
12288:YMrfy90TEL3H7cAAP1fbuq6Sn5ZM+eLtR6:ny13IzCq6Sn5G+eLtR6
Score10/10-
Detect Mystic stealer payload
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
Mystic
Mystic is an infostealer written in C++.
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
867a7ac357adfff48d6fc2820efa7db93b3c2303fa2c5f2570c1760004b2a310
-
Size
326KB
-
MD5
42a4c8166d06975d1d157539cf894c84
-
SHA1
2422d09a6f84c344d6559b1e3be233e37c465e36
-
SHA256
867a7ac357adfff48d6fc2820efa7db93b3c2303fa2c5f2570c1760004b2a310
-
SHA512
a48c64e57aca511432ff65afd4106ec969814ebe212a3ca8a8e3fee51bd8dd7d458800fce40773b99c4ed8f67cc1485a9276c0957a6c31a70a923834812be85e
-
SSDEEP
6144:KOy+bnr+7p0yN90QELmX6VOwPBIAy+hy8vlvZgRkajW19m76ya:iMrfy90hm+OnA4q2i107va
Score10/10-
Detect Mystic stealer payload
-
Mystic
Mystic is an infostealer written in C++.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
-
-
Target
a69474bf18a7cca7eda490dd3a0e3f56de60989fbd935adbc91521cc640dd35d
-
Size
1.7MB
-
MD5
7e7472d47e817c368c8e777c7ecace66
-
SHA1
947587e37ef199886f32686e111606142c56b50b
-
SHA256
a69474bf18a7cca7eda490dd3a0e3f56de60989fbd935adbc91521cc640dd35d
-
SHA512
6bf1b6153397906a2ee3db5ba204775da984d83beb053002340db52e504fe3f9eebae9e5ace9ef9fbaaa09396b9352fd8c3ff1b7f7d06f9edfef242d7adbfbb7
-
SSDEEP
49152:8zby7WTAMA70B6AXkm6Hz5V6Bm5R1LIJY:cy87A70w26TH91Lh
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detect Mystic stealer payload
-
Modifies Windows Defender Real-time Protection settings
-
Mystic
Mystic is an infostealer written in C++.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
c1509297f254a9c327f8d2f138ec5907931f396cedb4bb4796c5057e78cda87d
-
Size
1005KB
-
MD5
d2a0ec7976e5c9f027555141a8b407a1
-
SHA1
6b5785c452bc0b47a363ffc44f5cd9261b9c53b7
-
SHA256
c1509297f254a9c327f8d2f138ec5907931f396cedb4bb4796c5057e78cda87d
-
SHA512
f42fa8cce1a7d77ec7aeee0efb9d45cd654ff19f18dc70ce22a77de3b24fa5a3a8ebcc502692fac421aafaa1e86dcc032cca6fcc1187b2a1d4c21c39dc1b1445
-
SSDEEP
24576:9yDhDOhrrGmu6n6ncBm2sPYOiPBW3umz9HbZIokron:Ytzy60OwOic3Tb/
Score10/10-
Detect Mystic stealer payload
-
Mystic
Mystic is an infostealer written in C++.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
-
-
Target
c1821fe13b3b9c1fc3fe603dfd3668b199fd7d6f671e0f72b8a9fff5a38fd286
-
Size
326KB
-
MD5
82258baf5fd7b18e47c8dd949b380183
-
SHA1
71a30fae26f446b7e5bab3f44e39aa7aac1b8c90
-
SHA256
c1821fe13b3b9c1fc3fe603dfd3668b199fd7d6f671e0f72b8a9fff5a38fd286
-
SHA512
d22f01b9ffb26a2dcf434e2e94b0d00228535f9493d83ac117b9d06f328ebd4ff53a3c7964eac5256d95651985a9973f763bb63c292d7021e7bcbf829e8ac713
-
SSDEEP
6144:Kqy+bnr+Jp0yN90QEJgX6VOwPBIAy+hy8vlvZgRkajW1HV6/1:SMrxy903g+OnA4q2i1161
Score10/10-
Detect Mystic stealer payload
-
Mystic
Mystic is an infostealer written in C++.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
-
-
Target
d431e54eb05e1ec91d96e56b56b50a6e510a259b69f7c5c8254a8954192e94f6
-
Size
879KB
-
MD5
5c2b672966a5b08f397c249749e36103
-
SHA1
829b694f77f4f214acc9ef3018b132fba50f1c75
-
SHA256
d431e54eb05e1ec91d96e56b56b50a6e510a259b69f7c5c8254a8954192e94f6
-
SHA512
35097dbd27313f2fdd16162b2d86ded90b7af56c62ae9f0e745d4824f4d006ac08d1351eec0f7a44548de164f87e362b7b0e7fc13cc8c6d0a62bdc9f138f0153
-
SSDEEP
12288:HMrXy90w08HiILJ6XikwJVIsXyerEXiNysVUXm80ZBctoRD34FMJNW5LQDgai+p:gyf08/LJCwzFrl/VvncSkMv4QDdr
Score10/10-
Detect Mystic stealer payload
-
Mystic
Mystic is an infostealer written in C++.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
e0e0fe767a4d28c22c9164941b937ca32139dda9a5ac00b380e14f39f0bc2e79
-
Size
696KB
-
MD5
c7ebfe13a7bf0a68584149c5ddb03abd
-
SHA1
ddc8cd20e9ae316e160214ded1afbb8c077b14f1
-
SHA256
e0e0fe767a4d28c22c9164941b937ca32139dda9a5ac00b380e14f39f0bc2e79
-
SHA512
1f2e9b44c23b34151cc8c86b13c6046618f0b0b64593e645fc1aa347e7d5645defdb6d1c70f7f3bfb5b70376dcf000f47d9a8979deb5a8d74876cfa86146deb4
-
SSDEEP
12288:oMrYy90yI3SObs3vabwalG13yWvTGGtGzyDQUBw6a0b96kuVz:gyDICObs3alG13wGTc0EkOz
Score10/10-
Detect Mystic stealer payload
-
Modifies Windows Defender Real-time Protection settings
-
Mystic
Mystic is an infostealer written in C++.
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
f1372b1a0961a0c57fe69d716e6992ea2a6a82ef2944465f88c1a99f117de4cc
-
Size
1.1MB
-
MD5
46cc4c160c07962424459a08227709c4
-
SHA1
0c52b072dbd5f0450a6551b77a36b3f167de8c1e
-
SHA256
f1372b1a0961a0c57fe69d716e6992ea2a6a82ef2944465f88c1a99f117de4cc
-
SHA512
112c5d63847569c70f27859d0f1f340a1ceaf2785fd99a4764d35c68c487abd4ac019ce63b6de548438c4c6bbffb3d1aa39ec64e61d73dab60f7a3be3f1d39aa
-
SSDEEP
24576:ayanTPzoNnJUAnIFlf10eIKWgd6OyX80xdLPPXBZPMQ8OCHJSurat:hwfK6FZ1asYOyJTLXvPMdOCpR
Score10/10-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Boot or Logon Autostart Execution
20Registry Run Keys / Startup Folder
20Create or Modify System Process
8Windows Service
8Scheduled Task/Job
1Privilege Escalation
Boot or Logon Autostart Execution
20Registry Run Keys / Startup Folder
20Create or Modify System Process
8Windows Service
8Scheduled Task/Job
1