Overview

overview

10

Static

static

3

06d3b7d2ba...d0.exe

windows10-2004-x64

10

08bd377a60...53.exe

windows10-2004-x64

10

2847bdc35d...e1.exe

windows10-2004-x64

10

2bed4ea70d...7f.exe

windows10-2004-x64

10

3ab0d6f60e...46.exe

windows10-2004-x64

10

3c1c5a94c5...69.exe

windows10-2004-x64

10

76530ae1ec...23.exe

windows10-2004-x64

10

7b80c0170b...d1.exe

windows10-2004-x64

10

80633f3a01...36.exe

windows10-2004-x64

10

888619cf7b...9e.exe

windows10-2004-x64

10

8db1b8c1b5...85.exe

windows10-2004-x64

10

9ea70f7e17...5f.exe

windows10-2004-x64

10

9f8dd013ec...7e.exe

windows10-2004-x64

10

aa0c9ad482...cc.exe

windows10-2004-x64

10

aaf88983ad...f6.exe

windows10-2004-x64

10

b12a5fda99...06.exe

windows10-2004-x64

10

b754f77f3f...44.exe

windows10-2004-x64

10

c6c6e2b36c...88.exe

windows10-2004-x64

10

dce2842856...6c.exe

windows10-2004-x64

10

e2d9100264...8e.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    r.zip

  • Size

    15.5MB

  • Sample

    240523-wcczvaah4s

  • MD5

    bc40eff9996e38a073700f9f1d7fec1b

  • SHA1

    60392a6c6ad1bddc31d854ab4b1267c5f7629528

  • SHA256

    60fcc3045e1b1073753937ff8c184c464a45ea76225a406024335c07f898cf7b

  • SHA512

    3bb12b04fe6f722495aa1de809486fc9b21bcd1a337e0939cf50270d3319415bf834fc92a88124f39f7f16e146ebb4b82b47a0abc136068f4c9345815ee9389a

  • SSDEEP

    393216:qvgnCsNOBIqSh0vQZEn1qQn0KS42MGeOBZ0ldxT/Qia:ROC/ER43voxT/Qia

Score
10/10
healermysticredlinesmokeloaderfrantgigantkukishluskalutyrramontrushbackdoordropperevasioninfostealerpersistencestealertrojan

Malware Config

Extracted

Family

redline

Botnet

frant

C2

77.91.124.55:19071

Extracted

Family

redline

Botnet

gigant

C2

77.91.124.55:19071

Extracted

Family

redline

Botnet

lutyr

C2

77.91.124.55:19071

Extracted

Family

redline

Botnet

luska

C2

77.91.124.55:19071

Attributes
  • auth_value

    a6797888f51a88afbfd8854a79ac9357

Extracted

Family

redline

Botnet

ramon

C2

77.91.124.82:19071

Attributes
  • auth_value

    3197576965d9513f115338c233015b40

Extracted

Family

redline

Botnet

trush

C2

77.91.124.82:19071

Attributes
  • auth_value

    c13814867cde8193679cd0cad2d774be

Extracted

Family

redline

Botnet

kukish

C2

77.91.124.55:19071

Targets

    • Target

      06d3b7d2ba41c5f96bf4cfe6d91d8f9145e4e461450c303c8a12719d8d4746d0

    • Size

      746KB

    • MD5

      e3f0d90b107883fbbbfbe142e1ab47f4

    • SHA1

      1e3e3f873a4e9305f18c9771b4e0d450af3ecc51

    • SHA256

      06d3b7d2ba41c5f96bf4cfe6d91d8f9145e4e461450c303c8a12719d8d4746d0

    • SHA512

      8c7ecf4381874c826ab6ed2ddc25f03a011244047050fd47b6e0756c3131c4c3fc59d9fca1bf560985f21928250ab7e93904e867d03324cf8f88e82f9aadb5dd

    • SSDEEP

      12288:SMryy90/mlGgt30uj4mL1ab2zakYgLkh2CEcOD0UPpBvlkDEQDQexUVJaOSBrxR:Ey+mlkuDL5zoh2CEcOYGhl9wQexUrfSN

    Score
    10/10
    mysticredlinefrantevasioninfostealerpersistencestealertrojan

    • Detect Mystic stealer payload

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • Mystic

      Mystic is an infostealer written in C++.

      stealermystic

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Executes dropped EXE

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1

    • Target

      08bd377a60108ac1b0fcdb1639ae5695e0fbec00f6e9b3a474c7c09bca1a9353

    • Size

      936KB

    • MD5

      485c25ad393240d129c8862f17b18f46

    • SHA1

      abe9f70ee0cb86a1fce943bc9a50325c452ddf0f

    • SHA256

      08bd377a60108ac1b0fcdb1639ae5695e0fbec00f6e9b3a474c7c09bca1a9353

    • SHA512

      4478a42d36787b71bed1c8c7ffc56aa3b94b7765ffe1b225ec58da73c172a6119ed3a6eb4c8b7a2eea30e7f8a16aef7e615c66ec408b80892df9cd3fd2f72809

    • SSDEEP

      12288:MMrsy908V4Wai4xugZ926NpaBLLrrvbGH8HL7whDNe9KE1n75eomhDGgmV3CU:4yp+ti4zFgBLLrrjGH8/YDNGHeoSEz

    Score
    10/10
    mysticredlinelutyrinfostealerpersistencestealer

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

      stealermystic

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Executes dropped EXE

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral2

    • Target

      2847bdc35d083634a5b96f3182851943508eb7b1bab56011c48f79008c1fa6e1

    • Size

      746KB

    • MD5

      26e70988e9ff104dd78c943f7d004e9d

    • SHA1

      4046b9eb79e5cad1742ef0a75013d4066b28c107

    • SHA256

      2847bdc35d083634a5b96f3182851943508eb7b1bab56011c48f79008c1fa6e1

    • SHA512

      1b037f2a32eff342b1c3149fa28c36581b741fbf19fb15155d346ee95eb55ce3854c1e3c9256a18ca93e997a74054b8a50118af2dd1c1d8a717cdbae7df06b89

    • SSDEEP

      12288:yMrgy908TBHN/qGnNwabk8KrI+NSTswitjanL0q5M9m:Gy79N4N7njagqEm

    Score
    10/10
    mysticredlinefrantevasioninfostealerpersistencestealertrojan

    • Detect Mystic stealer payload

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • Mystic

      Mystic is an infostealer written in C++.

      stealermystic

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Executes dropped EXE

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral3

    • Target

      2bed4ea70d0e8707549aac41f29fea0c9a994c68cc33636d802429b5694f077f

    • Size

      1.2MB

    • MD5

      4a81e0857c9762c946ab1ca7eef1cdf5

    • SHA1

      1a2d38328e3d5a077bcdda01e89a749fc491f234

    • SHA256

      2bed4ea70d0e8707549aac41f29fea0c9a994c68cc33636d802429b5694f077f

    • SHA512

      84754b9ccc2b3384f93c5b1543065d207853eee1c6a47e1a75a46aa61eda06a49f937d4bbdba8fc1074eed33377789b048a80431689435bb6cc32870e6bdee93

    • SSDEEP

      24576:6yXenkiqAtofLsPurQPLpCw37ew+wDXR3CCJO6TfMU+aLiAFJiBr:BXen6Atoftw1Cw37FlXBPTHluAFJiB

    Score
    10/10
    mysticredlinegigantinfostealerpersistencestealer

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

      stealermystic

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Executes dropped EXE

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral4

    • Target

      3ab0d6f60e85d2715c3d7d4bba0696acfdc80b3976f4f9ae742a64515fae6c46

    • Size

      590KB

    • MD5

      6713c091354f340e91c365beab49c32f

    • SHA1

      b252a29c9d17f0ed8fdfed01a696b8e56502746e

    • SHA256

      3ab0d6f60e85d2715c3d7d4bba0696acfdc80b3976f4f9ae742a64515fae6c46

    • SHA512

      d941f621ed9cef82418af2b867155c9fe3224138ebb10c2b8f95d13b7ec5ba9898833253b13a0d108b3cb60980a12b4c6a604ee68335d883b3cab7a99d187bab

    • SSDEEP

      12288:0MrRy90ha4BFRZfAkDaFgG+qbeEarieMjhcs5Egfq0pOu54:1ykSkDNWeajCslfq44

    Score
    10/10
    mysticredlinegigantinfostealerpersistencestealer

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

      stealermystic

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Executes dropped EXE

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral5

    • Target

      3c1c5a94c544c2a364bd35ce85960c65491d88d7fb81760c2fdfa3e60a24f169

    • Size

      271KB

    • MD5

      dc1fc4f950e5fd66dbfee85aeeb7ded1

    • SHA1

      08b4ae89d28de9e61f25392d2972623172f4e9d7

    • SHA256

      3c1c5a94c544c2a364bd35ce85960c65491d88d7fb81760c2fdfa3e60a24f169

    • SHA512

      9a715e619be4f29bc07fa088d2ee5f5ccbcc49ceccb5b92f0e174e41a551f246c231cbe8c98a491d44129ed2dbb0abdde7b68339ece5fe121e10b118fb4b068e

    • SSDEEP

      6144:Kgy+bnr+cp0yN90QEtrQPo8m1NNUuTjcj1rO6Tg:wMrAy90cQ8mdNTjcjNzg

    Score
    10/10
    mysticredlineramoninfostealerpersistencestealer

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

      stealermystic

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Executes dropped EXE

    • Adds Run key to start application

      persistence
    behavioral6

    • Target

      76530ae1ec02b17edec61d3cc10e4d427d09d91fe530ef27c17cd6c848152823

    • Size

      1.2MB

    • MD5

      64296d253afe98d3345aa143eb8c34fd

    • SHA1

      9e2cfb181c01a8a1b1764ca0e61510c4e841e951

    • SHA256

      76530ae1ec02b17edec61d3cc10e4d427d09d91fe530ef27c17cd6c848152823

    • SHA512

      04ba1538fc69df40e6c6621dacfb3968f2fcfbb4abc2f99dbc4dd9b567aaad939aa94a2075167a001aa267dfbebb8069c4779ea20102d367554f64bae7769282

    • SSDEEP

      24576:Fyv/GCWfXiX/tb5qMYzV5R79Xr+REto4sDRy8CgSj5Thhh82ACEOz:gvuCWyX/tFuVftaRF4scgSjBHARO

    Score
    10/10
    mysticredlinegigantinfostealerpersistencestealer

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

      stealermystic

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Executes dropped EXE

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral7

    • Target

      7b80c0170b77179545495007e6a16319be71393d2f2cff71b06a4bbe29ff95d1

    • Size

      417KB

    • MD5

      929fc630a500f521aa4cf19b3c15f15f

    • SHA1

      25294f9be26745942693e25cafdbaaaeb05372df

    • SHA256

      7b80c0170b77179545495007e6a16319be71393d2f2cff71b06a4bbe29ff95d1

    • SHA512

      dae5bbd842e4cd7176040003069bc791a5be2b8a27a4b4984d7a1cdbfaf1aa9baca3b30b89527c9a1495d825daaaccd7608bad944c2eb75238553cdbc400eab6

    • SSDEEP

      6144:KJy+bnr+Wp0yN90QEr6uFCuzf8i/mEPtm+aiGEaC9c2fpeUM:PMrWy909jCuLl/mEVm1iVrTIP

    Score
    10/10
    mysticredlinegigantinfostealerpersistencestealer

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

      stealermystic

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Executes dropped EXE

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral8

    • Target

      80633f3a014bd40bd4c91c797dc27167a21f8db65d64022aaef10763aa7ee936

    • Size

      1.2MB

    • MD5

      7d4e85ff05ae0aa1db90bfb693b473c2

    • SHA1

      05c82725cf416549d7ef91ccd38ba0f62eab5ed6

    • SHA256

      80633f3a014bd40bd4c91c797dc27167a21f8db65d64022aaef10763aa7ee936

    • SHA512

      83e60c528d4653593834215560875846d540ec05875957f05598f2e130fc08934e385c1ebb05acc787c6023e229e616d260d4456d5861a7af09168993e77e2c6

    • SSDEEP

      24576:/yePpbSK2Ctz/Sc01Kp3++uVOuO27WKZw:KeIKlJIgpORzZ

    Score
    10/10
    mysticredlinegigantinfostealerpersistencestealer

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

      stealermystic

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Executes dropped EXE

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral9

    • Target

      888619cf7bd9be384d2417f8820e45505d191b9faaa048e23a92ae8bf72df29e

    • Size

      417KB

    • MD5

      3f495d795ac5aea7ba72e6f963bbfcd4

    • SHA1

      3ee72786aadfa83c67d5517f3c8a4adc0f461e30

    • SHA256

      888619cf7bd9be384d2417f8820e45505d191b9faaa048e23a92ae8bf72df29e

    • SHA512

      e62a1e1f3f7c7494de3654cfaacd5d3a765a2d45961b0b8ba83e4f7d235e60d4e7391e63868ad929e703a06c6ae54e8a55c262ea577365d0b4a4c18ed539b90a

    • SSDEEP

      6144:KGy+bnr+sp0yN90QE76uFCuzf8i/mEPtm+aiGEaC9c2fIdUQ:SMr4y905jCuLl/mEVm1iVrTm/

    Score
    10/10
    mysticredlinegigantinfostealerpersistencestealer

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

      stealermystic

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Executes dropped EXE

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral10

    • Target

      8db1b8c1b564daa7faeb55ace7fba1d91c0794df89a04d3780af99dc7b4fb985

    • Size

      640KB

    • MD5

      4b646e3a5b0d464bd2dd95b4ad4d8977

    • SHA1

      256215a229468629466dee3f35ad1f34f28c34d8

    • SHA256

      8db1b8c1b564daa7faeb55ace7fba1d91c0794df89a04d3780af99dc7b4fb985

    • SHA512

      60937a5c1a3eab4a92c9a9fb88f26aba988e35aa5861e560b6be9ea01e5325d7667e5de80a12c5cb2bcc5aa63139c8736e18d9aec0f55be0e386c78aad2cd958

    • SSDEEP

      12288:LMr8y90Pyww+7czLvofHDnghQT+xvqbQm35iE7c+l9PG0ZIyK:nymIzinghQTXliE7c+lZ5Ix

    Score
    10/10
    mysticredlinelutyrinfostealerpersistencestealer

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

      stealermystic

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Executes dropped EXE

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral11

    • Target

      9ea70f7e17c798e669e7b4c1c1f53cdd9a2781bb6ba453a9c084bf3392b8585f

    • Size

      350KB

    • MD5

      37e7e8390e29fb07765008452e6a4f90

    • SHA1

      c5691bbf4985fa0ab3085608afe408f090313eab

    • SHA256

      9ea70f7e17c798e669e7b4c1c1f53cdd9a2781bb6ba453a9c084bf3392b8585f

    • SHA512

      42c014e0bcb2957a9bb6ba1331fe0c71123489dddbdcc2b4e6b853dfb3b5b5c28d7eb0e02b021a73c036843d01cba0faca91209faf68d82f0cb424c24590d1b8

    • SSDEEP

      6144:KMy+bnr+3p0yN90QEM4SGRawgsb+NpItzys+F2wccwijev6TXHEw:MMr/y90KtGRat9HEzh+4vcbyv6T3P

    Score
    10/10
    mysticredlineluskainfostealerpersistencestealer

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

      stealermystic

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Executes dropped EXE

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral12

    • Target

      9f8dd013ec5282675e933ad77e4db925e8ed2b10bc12f5bee6b62bc0147b0d7e

    • Size

      758KB

    • MD5

      91c26abd7319a3d3985366b6b5b66684

    • SHA1

      1eb2220d917c4179c078594ee15e0b0c77a7cb6a

    • SHA256

      9f8dd013ec5282675e933ad77e4db925e8ed2b10bc12f5bee6b62bc0147b0d7e

    • SHA512

      db088565268bb2f1a0351fc040de184b4bb081f4a902b2844ccf51eb734e761fe1f790fe3233d4c502e1e1592fbde343645dea3574d8be5e4b41092f7d80c297

    • SSDEEP

      12288:UMrqy90Jjt6YnZ71F0rFq8DJ97cW7ASuugdee7ZH00Xbt7j3pqRq1411DRSMnpz:Oy01Z7oFBcWqBdek1bXbtfetRS8p

    Score
    10/10
    healerredlineramondropperevasioninfostealerpersistencetrojan

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

      dropperhealer

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Executes dropped EXE

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral13

    • Target

      aa0c9ad482b23242e3009ff55447fc1f9559ff1412e903acbc14e3ed4c4774cc

    • Size

      326KB

    • MD5

      2d1c846ca0a72429e0f56b792ca019f6

    • SHA1

      5e8f7aa4cb5ae0dffcf4596c5b4e897b10403c23

    • SHA256

      aa0c9ad482b23242e3009ff55447fc1f9559ff1412e903acbc14e3ed4c4774cc

    • SHA512

      61be26f0af6cfbe5d927816737316b5da751bd1786829da07067cf8635f955ca1d8c5502c2c915752743668b7ba07ae1db0155d1d93bac5bb938e6fdf06f20fe

    • SSDEEP

      6144:KNy+bnr+vp0yN90QElAX6VOwPBIAy+hy8vlvZgRkajW1fDa/6:nMrTy90vA+OnA4q2i1ba6

    Score
    10/10
    mysticredlinelutyrinfostealerpersistencestealer

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

      stealermystic

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Executes dropped EXE

    • Adds Run key to start application

      persistence
    behavioral14

    • Target

      aaf88983ad022d086513c9772cb520815581005e78de7f2ea63f2135933d34f6

    • Size

      1.3MB

    • MD5

      1da52a515fcdb048ad76d7864464cfb0

    • SHA1

      e473f6794205d1deb62b752a3fc6ab1ee2b117ae

    • SHA256

      aaf88983ad022d086513c9772cb520815581005e78de7f2ea63f2135933d34f6

    • SHA512

      a2b3123a6f2693a9d5ebff9c23949cdd342ddf34e534c88a99e5e178cbb35d2e20e7dc79d61b2ededbde0a65bb04f06a4ef363842d60e06f05b8b2b92f581d40

    • SSDEEP

      24576:HyDpyG2BdeCmEa6MW0uUCfd5J45NAxLzlN/8C5Z23cHYKWKMxHbE1X9lr4:SmYCfMWDUskNoXM534YqMuB

    Score
    10/10
    healermysticredlinesmokeloadertrushbackdoordropperevasioninfostealerpersistencestealertrojan

    • Detect Mystic stealer payload

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

      dropperhealer

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • Mystic

      Mystic is an infostealer written in C++.

      stealermystic

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Executes dropped EXE

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral15

    • Target

      b12a5fda99550910914026e21295da2406a3d94496d0091261fd72c6336dda06

    • Size

      1.1MB

    • MD5

      5a466aa4f85cd70486066bca0c04288a

    • SHA1

      e07607b618425d99d77b4cd7bc92f73335ef9927

    • SHA256

      b12a5fda99550910914026e21295da2406a3d94496d0091261fd72c6336dda06

    • SHA512

      f2ae2f330511b719a5fea62d230efa0b8353a574a07447252f40a6401bd7214b7367b1e7ee0da9e70b14347b2602826b923b5da196c46b83649f0d8c2f275e03

    • SSDEEP

      24576:iyrIp3fgghuDwBylwmclkwkg8ccyAJIxU3c8BtKF:Jsp3D4kBgnwOccDoU3c8

    Score
    10/10
    mysticredlinekukishinfostealerpersistencestealer

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

      stealermystic

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Executes dropped EXE

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral16

    • Target

      b754f77f3f7979982512737911316ed9033bfd21616cbf6657291e3730f76b44

    • Size

      598KB

    • MD5

      79504797282c6ffa60a377bb716c9896

    • SHA1

      b5300d249069c36dbee175fffbcd2aca6729d5da

    • SHA256

      b754f77f3f7979982512737911316ed9033bfd21616cbf6657291e3730f76b44

    • SHA512

      ab2e96d05fb5510da46130882a8098432baaaf09bfeca804a8d263fba17f6eba11571ed9b1f349f1d492ec0ce678bbacdd1116c6ba2b9d5c11f3ddc587b8e036

    • SSDEEP

      12288:ZMrDy900un5B6oTeRNKHPWbOM+ppvsasM9Ygv5pS3rM+SLqJZ0f3UddEHf:qysB6oTebsRzDEcYrvi0m3/

    Score
    10/10
    mysticevasionpersistencestealertrojan

    • Detect Mystic stealer payload

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • Mystic

      Mystic is an infostealer written in C++.

      stealermystic

    • Executes dropped EXE

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral17

    • Target

      c6c6e2b36cc534a5768d98292b94e03e95b6ecccd57823d6099475b213bcdc88

    • Size

      1.3MB

    • MD5

      cc07fdc9cfb6929cb13c54068f89e17f

    • SHA1

      efee85b22b066cbe59dfd90e7b010eceacc764e0

    • SHA256

      c6c6e2b36cc534a5768d98292b94e03e95b6ecccd57823d6099475b213bcdc88

    • SHA512

      f2d3c6a2c98aaa41803c27bf800b7c8de2537ac460057f0cc1d9a35f56d3fa0255b0a37ef6e4e522a16b4a856ad327aca66449f8e6be1ebb90ba62307b757780

    • SSDEEP

      24576:myI4sj4b7MX2hW2NjE7B8YaZqITgWfjN9+njDVUVEhMBj3bOoTA:1LmE7M2djE7mYwIENqSEhgj3SoT

    Score
    10/10
    mysticredlinelutyrinfostealerpersistencestealer

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

      stealermystic

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Executes dropped EXE

    • Adds Run key to start application

      persistence
    behavioral18

    • Target

      dce2842856c08ba56e502c9ada32f6f2021ca954c80f8cb01420313be7d87f6c

    • Size

      1.3MB

    • MD5

      922aa1767805c66a52786db6e78a8bbb

    • SHA1

      a8e0f525410c5ebdcccc86ebd8e060d91b9b9602

    • SHA256

      dce2842856c08ba56e502c9ada32f6f2021ca954c80f8cb01420313be7d87f6c

    • SHA512

      d64f580142bf8ccdd4000c7f970b58763f1ccfb395bc23bc0510ef4b8676230cf307943318e6304b6b50fd0245e3f5857381e72b32eeaf78faedfbce892e7b5d

    • SSDEEP

      24576:JyT8hyO+o2e6TMXcwLimZ0ryGSx0ryePG321pNYwaQNas8BvfGrBDQeKuQRNhr18:8wITPwLYyhx0r7GGFYw/0TvCPKDNhpw

    Score
    10/10
    mysticredlinelutyrinfostealerpersistencestealer

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

      stealermystic

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Executes dropped EXE

    • Adds Run key to start application

      persistence
    behavioral19

    • Target

      e2d91002642b377c066dc30f757a804dc6d7ed695d4abae87af60cda84c0098e

    • Size

      1.0MB

    • MD5

      8ad707306b83faab38fb449d43c45a31

    • SHA1

      725d4a61f55a820cf9349d7933ce8ecc6c24a0f0

    • SHA256

      e2d91002642b377c066dc30f757a804dc6d7ed695d4abae87af60cda84c0098e

    • SHA512

      5b6234453c239da3236cbe9fad5b2be1d56bbbed23bcb3b28c295c173dbea5af3bb7e5f7954baa7eade7ff9c7f32669c67c81ab421102cb7ce3db4c08fd2ab79

    • SSDEEP

      24576:myOPsoeMABVFFHw3Yx+1EfLLs2TqoNNIXf:1OP+MuVFFQxAAw/NNI

    Score
    10/10
    mysticredlinelutyrinfostealerpersistencestealer

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

      stealermystic

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Executes dropped EXE

    • Adds Run key to start application

      persistence
    behavioral20

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

mysticredlinefrantevasioninfostealerpersistencestealertrojan
Score
10/10

behavioral2

mysticredlinelutyrinfostealerpersistencestealer
Score
10/10

behavioral3

mysticredlinefrantevasioninfostealerpersistencestealertrojan
Score
10/10

behavioral4

mysticredlinegigantinfostealerpersistencestealer
Score
10/10

behavioral5

mysticredlinegigantinfostealerpersistencestealer
Score
10/10

behavioral6

mysticredlineramoninfostealerpersistencestealer
Score
10/10

behavioral7

mysticredlinegigantinfostealerpersistencestealer
Score
10/10

behavioral8

mysticredlinegigantinfostealerpersistencestealer
Score
10/10

behavioral9

mysticredlinegigantinfostealerpersistencestealer
Score
10/10

behavioral10

mysticredlinegigantinfostealerpersistencestealer
Score
10/10

behavioral11

mysticredlinelutyrinfostealerpersistencestealer
Score
10/10

behavioral12

mysticredlineluskainfostealerpersistencestealer
Score
10/10

behavioral13

healerredlineramondropperevasioninfostealerpersistencetrojan
Score
10/10

behavioral14

mysticredlinelutyrinfostealerpersistencestealer
Score
10/10

behavioral15

healermysticredlinesmokeloadertrushbackdoordropperevasioninfostealerpersistencestealertrojan
Score
10/10

behavioral16

mysticredlinekukishinfostealerpersistencestealer
Score
10/10

behavioral17

mysticevasionpersistencestealertrojan
Score
10/10

behavioral18

mysticredlinelutyrinfostealerpersistencestealer
Score
10/10

behavioral19

mysticredlinelutyrinfostealerpersistencestealer
Score
10/10

behavioral20

mysticredlinelutyrinfostealerpersistencestealer
Score
10/10