healer | 60fcc3045e1b1073753937ff8c184c464a45ea76225a406024335c07f898cf7b

Sharing

General

Target

r.zip
Size

15.5MB
Sample

240523-wcczvaah4s
MD5

bc40eff9996e38a073700f9f1d7fec1b
SHA1

60392a6c6ad1bddc31d854ab4b1267c5f7629528
SHA256

60fcc3045e1b1073753937ff8c184c464a45ea76225a406024335c07f898cf7b
SHA512

3bb12b04fe6f722495aa1de809486fc9b21bcd1a337e0939cf50270d3319415bf834fc92a88124f39f7f16e146ebb4b82b47a0abc136068f4c9345815ee9389a
SSDEEP

393216:qvgnCsNOBIqSh0vQZEn1qQn0KS42MGeOBZ0ldxT/Qia:ROC/ER43voxT/Qia

Score

10^/10

Malware Config

Extracted

Family

redline

Botnet

frant

77.91.124.55:19071

Extracted

Family

redline

Botnet

gigant

77.91.124.55:19071

Extracted

Family

redline

Botnet

lutyr

77.91.124.55:19071

Extracted

Family

redline

Botnet

luska

77.91.124.55:19071

Attributes

auth_value
a6797888f51a88afbfd8854a79ac9357

Extracted

Family

redline

Botnet

ramon

77.91.124.82:19071

Attributes

auth_value
3197576965d9513f115338c233015b40

Extracted

Family

redline

Botnet

trush

77.91.124.82:19071

Attributes

auth_value
c13814867cde8193679cd0cad2d774be

Extracted

Family

redline

Botnet

kukish

77.91.124.55:19071

Targets

- Target
  
  06d3b7d2ba41c5f96bf4cfe6d91d8f9145e4e461450c303c8a12719d8d4746d0
- Size
  
  746KB
- MD5
  
  e3f0d90b107883fbbbfbe142e1ab47f4
- SHA1
  
  1e3e3f873a4e9305f18c9771b4e0d450af3ecc51
- SHA256
  
  06d3b7d2ba41c5f96bf4cfe6d91d8f9145e4e461450c303c8a12719d8d4746d0
- SHA512
  
  8c7ecf4381874c826ab6ed2ddc25f03a011244047050fd47b6e0756c3131c4c3fc59d9fca1bf560985f21928250ab7e93904e867d03324cf8f88e82f9aadb5dd
- SSDEEP
  
  12288:SMryy90/mlGgt30uj4mL1ab2zakYgLkh2CEcOD0UPpBvlkDEQDQexUVJaOSBrxR:Ey+mlkuDL5zoh2CEcOYGhl9wQexUrfSN
Score

10^/10

mystic redline frant evasion infostealer persistence stealer trojan
- Detect Mystic stealer payload
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1
- Target
  
  08bd377a60108ac1b0fcdb1639ae5695e0fbec00f6e9b3a474c7c09bca1a9353
- Size
  
  936KB
- MD5
  
  485c25ad393240d129c8862f17b18f46
- SHA1
  
  abe9f70ee0cb86a1fce943bc9a50325c452ddf0f
- SHA256
  
  08bd377a60108ac1b0fcdb1639ae5695e0fbec00f6e9b3a474c7c09bca1a9353
- SHA512
  
  4478a42d36787b71bed1c8c7ffc56aa3b94b7765ffe1b225ec58da73c172a6119ed3a6eb4c8b7a2eea30e7f8a16aef7e615c66ec408b80892df9cd3fd2f72809
- SSDEEP
  
  12288:MMrsy908V4Wai4xugZ926NpaBLLrrvbGH8HL7whDNe9KE1n75eomhDGgmV3CU:4yp+ti4zFgBLLrrjGH8/YDNGHeoSEz
Score

10^/10

mystic redline lutyr infostealer persistence stealer
- Detect Mystic stealer payload
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral2
- Target
  
  2847bdc35d083634a5b96f3182851943508eb7b1bab56011c48f79008c1fa6e1
- Size
  
  746KB
- MD5
  
  26e70988e9ff104dd78c943f7d004e9d
- SHA1
  
  4046b9eb79e5cad1742ef0a75013d4066b28c107
- SHA256
  
  2847bdc35d083634a5b96f3182851943508eb7b1bab56011c48f79008c1fa6e1
- SHA512
  
  1b037f2a32eff342b1c3149fa28c36581b741fbf19fb15155d346ee95eb55ce3854c1e3c9256a18ca93e997a74054b8a50118af2dd1c1d8a717cdbae7df06b89
- SSDEEP
  
  12288:yMrgy908TBHN/qGnNwabk8KrI+NSTswitjanL0q5M9m:Gy79N4N7njagqEm
Score

10^/10

mystic redline frant evasion infostealer persistence stealer trojan
- Detect Mystic stealer payload
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral3
- Target
  
  2bed4ea70d0e8707549aac41f29fea0c9a994c68cc33636d802429b5694f077f
- Size
  
  1.2MB
- MD5
  
  4a81e0857c9762c946ab1ca7eef1cdf5
- SHA1
  
  1a2d38328e3d5a077bcdda01e89a749fc491f234
- SHA256
  
  2bed4ea70d0e8707549aac41f29fea0c9a994c68cc33636d802429b5694f077f
- SHA512
  
  84754b9ccc2b3384f93c5b1543065d207853eee1c6a47e1a75a46aa61eda06a49f937d4bbdba8fc1074eed33377789b048a80431689435bb6cc32870e6bdee93
- SSDEEP
  
  24576:6yXenkiqAtofLsPurQPLpCw37ew+wDXR3CCJO6TfMU+aLiAFJiBr:BXen6Atoftw1Cw37FlXBPTHluAFJiB
Score

10^/10

mystic redline gigant infostealer persistence stealer
- Detect Mystic stealer payload
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral4
- Target
  
  3ab0d6f60e85d2715c3d7d4bba0696acfdc80b3976f4f9ae742a64515fae6c46
- Size
  
  590KB
- MD5
  
  6713c091354f340e91c365beab49c32f
- SHA1
  
  b252a29c9d17f0ed8fdfed01a696b8e56502746e
- SHA256
  
  3ab0d6f60e85d2715c3d7d4bba0696acfdc80b3976f4f9ae742a64515fae6c46
- SHA512
  
  d941f621ed9cef82418af2b867155c9fe3224138ebb10c2b8f95d13b7ec5ba9898833253b13a0d108b3cb60980a12b4c6a604ee68335d883b3cab7a99d187bab
- SSDEEP
  
  12288:0MrRy90ha4BFRZfAkDaFgG+qbeEarieMjhcs5Egfq0pOu54:1ykSkDNWeajCslfq44
Score

10^/10

mystic redline gigant infostealer persistence stealer
- Detect Mystic stealer payload
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral5
- Target
  
  3c1c5a94c544c2a364bd35ce85960c65491d88d7fb81760c2fdfa3e60a24f169
- Size
  
  271KB
- MD5
  
  dc1fc4f950e5fd66dbfee85aeeb7ded1
- SHA1
  
  08b4ae89d28de9e61f25392d2972623172f4e9d7
- SHA256
  
  3c1c5a94c544c2a364bd35ce85960c65491d88d7fb81760c2fdfa3e60a24f169
- SHA512
  
  9a715e619be4f29bc07fa088d2ee5f5ccbcc49ceccb5b92f0e174e41a551f246c231cbe8c98a491d44129ed2dbb0abdde7b68339ece5fe121e10b118fb4b068e
- SSDEEP
  
  6144:Kgy+bnr+cp0yN90QEtrQPo8m1NNUuTjcj1rO6Tg:wMrAy90cQ8mdNTjcjNzg
Score

10^/10

mystic redline ramon infostealer persistence stealer
- Detect Mystic stealer payload
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral6
- Target
  
  76530ae1ec02b17edec61d3cc10e4d427d09d91fe530ef27c17cd6c848152823
- Size
  
  1.2MB
- MD5
  
  64296d253afe98d3345aa143eb8c34fd
- SHA1
  
  9e2cfb181c01a8a1b1764ca0e61510c4e841e951
- SHA256
  
  76530ae1ec02b17edec61d3cc10e4d427d09d91fe530ef27c17cd6c848152823
- SHA512
  
  04ba1538fc69df40e6c6621dacfb3968f2fcfbb4abc2f99dbc4dd9b567aaad939aa94a2075167a001aa267dfbebb8069c4779ea20102d367554f64bae7769282
- SSDEEP
  
  24576:Fyv/GCWfXiX/tb5qMYzV5R79Xr+REto4sDRy8CgSj5Thhh82ACEOz:gvuCWyX/tFuVftaRF4scgSjBHARO
Score

10^/10

mystic redline gigant infostealer persistence stealer
- Detect Mystic stealer payload
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral7
- Target
  
  7b80c0170b77179545495007e6a16319be71393d2f2cff71b06a4bbe29ff95d1
- Size
  
  417KB
- MD5
  
  929fc630a500f521aa4cf19b3c15f15f
- SHA1
  
  25294f9be26745942693e25cafdbaaaeb05372df
- SHA256
  
  7b80c0170b77179545495007e6a16319be71393d2f2cff71b06a4bbe29ff95d1
- SHA512
  
  dae5bbd842e4cd7176040003069bc791a5be2b8a27a4b4984d7a1cdbfaf1aa9baca3b30b89527c9a1495d825daaaccd7608bad944c2eb75238553cdbc400eab6
- SSDEEP
  
  6144:KJy+bnr+Wp0yN90QEr6uFCuzf8i/mEPtm+aiGEaC9c2fpeUM:PMrWy909jCuLl/mEVm1iVrTIP
Score

10^/10

mystic redline gigant infostealer persistence stealer
- Detect Mystic stealer payload
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral8
- Target
  
  80633f3a014bd40bd4c91c797dc27167a21f8db65d64022aaef10763aa7ee936
- Size
  
  1.2MB
- MD5
  
  7d4e85ff05ae0aa1db90bfb693b473c2
- SHA1
  
  05c82725cf416549d7ef91ccd38ba0f62eab5ed6
- SHA256
  
  80633f3a014bd40bd4c91c797dc27167a21f8db65d64022aaef10763aa7ee936
- SHA512
  
  83e60c528d4653593834215560875846d540ec05875957f05598f2e130fc08934e385c1ebb05acc787c6023e229e616d260d4456d5861a7af09168993e77e2c6
- SSDEEP
  
  24576:/yePpbSK2Ctz/Sc01Kp3++uVOuO27WKZw:KeIKlJIgpORzZ
Score

10^/10

mystic redline gigant infostealer persistence stealer
- Detect Mystic stealer payload
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral9
- Target
  
  888619cf7bd9be384d2417f8820e45505d191b9faaa048e23a92ae8bf72df29e
- Size
  
  417KB
- MD5
  
  3f495d795ac5aea7ba72e6f963bbfcd4
- SHA1
  
  3ee72786aadfa83c67d5517f3c8a4adc0f461e30
- SHA256
  
  888619cf7bd9be384d2417f8820e45505d191b9faaa048e23a92ae8bf72df29e
- SHA512
  
  e62a1e1f3f7c7494de3654cfaacd5d3a765a2d45961b0b8ba83e4f7d235e60d4e7391e63868ad929e703a06c6ae54e8a55c262ea577365d0b4a4c18ed539b90a
- SSDEEP
  
  6144:KGy+bnr+sp0yN90QE76uFCuzf8i/mEPtm+aiGEaC9c2fIdUQ:SMr4y905jCuLl/mEVm1iVrTm/
Score

10^/10

mystic redline gigant infostealer persistence stealer
- Detect Mystic stealer payload
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral10
- Target
  
  8db1b8c1b564daa7faeb55ace7fba1d91c0794df89a04d3780af99dc7b4fb985
- Size
  
  640KB
- MD5
  
  4b646e3a5b0d464bd2dd95b4ad4d8977
- SHA1
  
  256215a229468629466dee3f35ad1f34f28c34d8
- SHA256
  
  8db1b8c1b564daa7faeb55ace7fba1d91c0794df89a04d3780af99dc7b4fb985
- SHA512
  
  60937a5c1a3eab4a92c9a9fb88f26aba988e35aa5861e560b6be9ea01e5325d7667e5de80a12c5cb2bcc5aa63139c8736e18d9aec0f55be0e386c78aad2cd958
- SSDEEP
  
  12288:LMr8y90Pyww+7czLvofHDnghQT+xvqbQm35iE7c+l9PG0ZIyK:nymIzinghQTXliE7c+lZ5Ix
Score

10^/10

mystic redline lutyr infostealer persistence stealer
- Detect Mystic stealer payload
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral11
- Target
  
  9ea70f7e17c798e669e7b4c1c1f53cdd9a2781bb6ba453a9c084bf3392b8585f
- Size
  
  350KB
- MD5
  
  37e7e8390e29fb07765008452e6a4f90
- SHA1
  
  c5691bbf4985fa0ab3085608afe408f090313eab
- SHA256
  
  9ea70f7e17c798e669e7b4c1c1f53cdd9a2781bb6ba453a9c084bf3392b8585f
- SHA512
  
  42c014e0bcb2957a9bb6ba1331fe0c71123489dddbdcc2b4e6b853dfb3b5b5c28d7eb0e02b021a73c036843d01cba0faca91209faf68d82f0cb424c24590d1b8
- SSDEEP
  
  6144:KMy+bnr+3p0yN90QEM4SGRawgsb+NpItzys+F2wccwijev6TXHEw:MMr/y90KtGRat9HEzh+4vcbyv6T3P
Score

10^/10

mystic redline luska infostealer persistence stealer
- Detect Mystic stealer payload
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral12
- Target
  
  9f8dd013ec5282675e933ad77e4db925e8ed2b10bc12f5bee6b62bc0147b0d7e
- Size
  
  758KB
- MD5
  
  91c26abd7319a3d3985366b6b5b66684
- SHA1
  
  1eb2220d917c4179c078594ee15e0b0c77a7cb6a
- SHA256
  
  9f8dd013ec5282675e933ad77e4db925e8ed2b10bc12f5bee6b62bc0147b0d7e
- SHA512
  
  db088565268bb2f1a0351fc040de184b4bb081f4a902b2844ccf51eb734e761fe1f790fe3233d4c502e1e1592fbde343645dea3574d8be5e4b41092f7d80c297
- SSDEEP
  
  12288:UMrqy90Jjt6YnZ71F0rFq8DJ97cW7ASuugdee7ZH00Xbt7j3pqRq1411DRSMnpz:Oy01Z7oFBcWqBdek1bXbtfetRS8p
Score

10^/10

healer redline ramon dropper evasion infostealer persistence trojan
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral13
- Target
  
  aa0c9ad482b23242e3009ff55447fc1f9559ff1412e903acbc14e3ed4c4774cc
- Size
  
  326KB
- MD5
  
  2d1c846ca0a72429e0f56b792ca019f6
- SHA1
  
  5e8f7aa4cb5ae0dffcf4596c5b4e897b10403c23
- SHA256
  
  aa0c9ad482b23242e3009ff55447fc1f9559ff1412e903acbc14e3ed4c4774cc
- SHA512
  
  61be26f0af6cfbe5d927816737316b5da751bd1786829da07067cf8635f955ca1d8c5502c2c915752743668b7ba07ae1db0155d1d93bac5bb938e6fdf06f20fe
- SSDEEP
  
  6144:KNy+bnr+vp0yN90QElAX6VOwPBIAy+hy8vlvZgRkajW1fDa/6:nMrTy90vA+OnA4q2i1ba6
Score

10^/10

mystic redline lutyr infostealer persistence stealer
- Detect Mystic stealer payload
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral14
- Target
  
  aaf88983ad022d086513c9772cb520815581005e78de7f2ea63f2135933d34f6
- Size
  
  1.3MB
- MD5
  
  1da52a515fcdb048ad76d7864464cfb0
- SHA1
  
  e473f6794205d1deb62b752a3fc6ab1ee2b117ae
- SHA256
  
  aaf88983ad022d086513c9772cb520815581005e78de7f2ea63f2135933d34f6
- SHA512
  
  a2b3123a6f2693a9d5ebff9c23949cdd342ddf34e534c88a99e5e178cbb35d2e20e7dc79d61b2ededbde0a65bb04f06a4ef363842d60e06f05b8b2b92f581d40
- SSDEEP
  
  24576:HyDpyG2BdeCmEa6MW0uUCfd5J45NAxLzlN/8C5Z23cHYKWKMxHbE1X9lr4:SmYCfMWDUskNoXM534YqMuB
Score

10^/10

healer mystic redline smokeloader trush backdoor dropper evasion infostealer persistence stealer trojan
- Detect Mystic stealer payload
- Detects Healer an antivirus disabler dropper
- Healer
  Healer an antivirus disabler dropper.
  dropper healer
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral15
- Target
  
  b12a5fda99550910914026e21295da2406a3d94496d0091261fd72c6336dda06
- Size
  
  1.1MB
- MD5
  
  5a466aa4f85cd70486066bca0c04288a
- SHA1
  
  e07607b618425d99d77b4cd7bc92f73335ef9927
- SHA256
  
  b12a5fda99550910914026e21295da2406a3d94496d0091261fd72c6336dda06
- SHA512
  
  f2ae2f330511b719a5fea62d230efa0b8353a574a07447252f40a6401bd7214b7367b1e7ee0da9e70b14347b2602826b923b5da196c46b83649f0d8c2f275e03
- SSDEEP
  
  24576:iyrIp3fgghuDwBylwmclkwkg8ccyAJIxU3c8BtKF:Jsp3D4kBgnwOccDoU3c8
Score

10^/10

mystic redline kukish infostealer persistence stealer
- Detect Mystic stealer payload
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral16
- Target
  
  b754f77f3f7979982512737911316ed9033bfd21616cbf6657291e3730f76b44
- Size
  
  598KB
- MD5
  
  79504797282c6ffa60a377bb716c9896
- SHA1
  
  b5300d249069c36dbee175fffbcd2aca6729d5da
- SHA256
  
  b754f77f3f7979982512737911316ed9033bfd21616cbf6657291e3730f76b44
- SHA512
  
  ab2e96d05fb5510da46130882a8098432baaaf09bfeca804a8d263fba17f6eba11571ed9b1f349f1d492ec0ce678bbacdd1116c6ba2b9d5c11f3ddc587b8e036
- SSDEEP
  
  12288:ZMrDy900un5B6oTeRNKHPWbOM+ppvsasM9Ygv5pS3rM+SLqJZ0f3UddEHf:qysB6oTebsRzDEcYrvi0m3/
Score

10^/10

mystic evasion persistence stealer trojan
- Detect Mystic stealer payload
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral17
- Target
  
  c6c6e2b36cc534a5768d98292b94e03e95b6ecccd57823d6099475b213bcdc88
- Size
  
  1.3MB
- MD5
  
  cc07fdc9cfb6929cb13c54068f89e17f
- SHA1
  
  efee85b22b066cbe59dfd90e7b010eceacc764e0
- SHA256
  
  c6c6e2b36cc534a5768d98292b94e03e95b6ecccd57823d6099475b213bcdc88
- SHA512
  
  f2d3c6a2c98aaa41803c27bf800b7c8de2537ac460057f0cc1d9a35f56d3fa0255b0a37ef6e4e522a16b4a856ad327aca66449f8e6be1ebb90ba62307b757780
- SSDEEP
  
  24576:myI4sj4b7MX2hW2NjE7B8YaZqITgWfjN9+njDVUVEhMBj3bOoTA:1LmE7M2djE7mYwIENqSEhgj3SoT
Score

10^/10

mystic redline lutyr infostealer persistence stealer
- Detect Mystic stealer payload
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral18
- Target
  
  dce2842856c08ba56e502c9ada32f6f2021ca954c80f8cb01420313be7d87f6c
- Size
  
  1.3MB
- MD5
  
  922aa1767805c66a52786db6e78a8bbb
- SHA1
  
  a8e0f525410c5ebdcccc86ebd8e060d91b9b9602
- SHA256
  
  dce2842856c08ba56e502c9ada32f6f2021ca954c80f8cb01420313be7d87f6c
- SHA512
  
  d64f580142bf8ccdd4000c7f970b58763f1ccfb395bc23bc0510ef4b8676230cf307943318e6304b6b50fd0245e3f5857381e72b32eeaf78faedfbce892e7b5d
- SSDEEP
  
  24576:JyT8hyO+o2e6TMXcwLimZ0ryGSx0ryePG321pNYwaQNas8BvfGrBDQeKuQRNhr18:8wITPwLYyhx0r7GGFYw/0TvCPKDNhpw
Score

10^/10

mystic redline lutyr infostealer persistence stealer
- Detect Mystic stealer payload
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral19
- Target
  
  e2d91002642b377c066dc30f757a804dc6d7ed695d4abae87af60cda84c0098e
- Size
  
  1.0MB
- MD5
  
  8ad707306b83faab38fb449d43c45a31
- SHA1
  
  725d4a61f55a820cf9349d7933ce8ecc6c24a0f0
- SHA256
  
  e2d91002642b377c066dc30f757a804dc6d7ed695d4abae87af60cda84c0098e
- SHA512
  
  5b6234453c239da3236cbe9fad5b2be1d56bbbed23bcb3b28c295c173dbea5af3bb7e5f7954baa7eade7ff9c7f32669c67c81ab421102cb7ce3db4c08fd2ab79
- SSDEEP
  
  24576:myOPsoeMABVFFHw3Yx+1EfLLs2TqoNNIXf:1OP+MuVFFQxAAw/NNI
Score

10^/10

mystic redline lutyr infostealer persistence stealer
- Detect Mystic stealer payload
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral20

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Impair Defenses

T1562

Disable or Modify Tools

T1562.001

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Targets

Detect Mystic stealer payload

Modifies Windows Defender Real-time Protection settings

Mystic

RedLine

RedLine payload

Executes dropped EXE

Windows security modification

Adds Run key to start application

Suspicious use of SetThreadContext

Detect Mystic stealer payload

Mystic

RedLine

RedLine payload

Executes dropped EXE

Adds Run key to start application

Suspicious use of SetThreadContext

Detect Mystic stealer payload

Modifies Windows Defender Real-time Protection settings

Mystic

RedLine

RedLine payload

Executes dropped EXE

Windows security modification

Adds Run key to start application

Suspicious use of SetThreadContext

Detect Mystic stealer payload

Mystic

RedLine

RedLine payload

Executes dropped EXE

Adds Run key to start application

Suspicious use of SetThreadContext

Detect Mystic stealer payload

Mystic

RedLine

RedLine payload

Executes dropped EXE

Adds Run key to start application

Suspicious use of SetThreadContext

Detect Mystic stealer payload

Mystic

RedLine

RedLine payload

Executes dropped EXE

Adds Run key to start application

Detect Mystic stealer payload

Mystic

RedLine

RedLine payload

Executes dropped EXE

Adds Run key to start application

Suspicious use of SetThreadContext

Detect Mystic stealer payload

Mystic

RedLine

RedLine payload

Executes dropped EXE

Adds Run key to start application

Suspicious use of SetThreadContext

Detect Mystic stealer payload

Mystic

RedLine

RedLine payload

Executes dropped EXE

Adds Run key to start application

Suspicious use of SetThreadContext

Detect Mystic stealer payload

Mystic

RedLine