General
-
Target
r1.zip
-
Size
16.3MB
-
Sample
240523-xrfvqacg2s
-
MD5
cbe625603a4ce0bafb944fd47d6efd40
-
SHA1
1fe8c9419d623a579be005af6c6092400090ccaa
-
SHA256
ddc6b496a8a25762ee7b933f47107c5553187f5846568bf68b67dd8d5f4a7548
-
SHA512
c4df49c558e1a5835e787499d6de11e85a12c2b042bf17bf87cf94b528792065fc32b655e01faf161edd0232243ab10fb1cccb490b8edc70c037d22ea13a5d77
-
SSDEEP
393216:vmPEgfmyoogP/X4NWKRZmxq07whV0XPJW4obS0ecUh8yp4A:vY+yRWKhn0XB9ooc5y7
Malware Config
Extracted
redline
kukish
77.91.124.55:19071
Extracted
redline
plost
77.91.124.86:19084
Extracted
amadey
3.89
04d170
http://77.91.124.1
-
install_dir
fefffe8cea
-
install_file
explothe.exe
-
strings_key
36a96139c1118a354edf72b1080d4b2f
-
url_paths
/theme/index.php
Extracted
redline
luska
77.91.124.55:19071
-
auth_value
a6797888f51a88afbfd8854a79ac9357
Extracted
risepro
194.49.94.152
193.233.132.51
Extracted
mystic
http://5.42.92.211/
Extracted
redline
magia
77.91.124.55:19071
Targets
-
-
Target
0e266a72166321124c500c505eac80a998786768d1c1e7be12c0c09adbdb969f
-
Size
999KB
-
MD5
159973826e86877cbb334e7e1a0e5607
-
SHA1
cbbe3557369e98c878fd630d39f94e1354b9f136
-
SHA256
0e266a72166321124c500c505eac80a998786768d1c1e7be12c0c09adbdb969f
-
SHA512
d5748eeefb9865b6487a456f7d6fcd862b9a62caff1e6870c82289dbcbf6c1c7b5f3c75906a2825f60c1bf8203be3d5f0a9558c9eeb00c72ec6b338094f40e8e
-
SSDEEP
24576:eyn15WsEcSEL7pRBka7PyKfrj+3H1fluHx:tn1ofEL7pHpDWlduH
Score10/10-
Detect Mystic stealer payload
-
Mystic
Mystic is an infostealer written in C++.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
0fed7be9f1bc5655b7c37c7839da72b6233320884e7029c3ca465ec9fa0bdc18
-
Size
627KB
-
MD5
a023dcdf69a662c78b89ea42e27ddff1
-
SHA1
c285a8ddd972405bba6a643c45614bb9f6a7a1bb
-
SHA256
0fed7be9f1bc5655b7c37c7839da72b6233320884e7029c3ca465ec9fa0bdc18
-
SHA512
02bed9b5c5bdabbb6890d92813c11c0401078a51762733a0ff1652860ce1f04b0df88f1a1873b940133dcdce2ca609897b00b27116b353b8b299daa662b1db9b
-
SSDEEP
12288:0Mrvy90w5u6t5if8iVo7jP8+ixDdt+PNbzQAyU9rwRxxDb/3brOw5aLc:Dyo6Ti27j0+ix8zQAXRCxb/3brL5l
Score10/10-
Detect Mystic stealer payload
-
Modifies Windows Defender Real-time Protection settings
-
Mystic
Mystic is an infostealer written in C++.
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
16ac715816f3482cfc24aaddcdcd5f3994bb21599090c021f66c1dce047523ea
-
Size
383KB
-
MD5
6ba04314f4ed46576cd545308fade99d
-
SHA1
26115ecbd1dc9d403c5c447e41f34afee5aae962
-
SHA256
16ac715816f3482cfc24aaddcdcd5f3994bb21599090c021f66c1dce047523ea
-
SHA512
8018b3fa58c041d40decd6dc93e4ce33bcb7fd6550147735d35dc1032c158e145a7d150e0906a09f0d73925c96bfd210190aa7cec280eef132bdfdff25c49f90
-
SSDEEP
6144:KKy+bnr+lp0yN90QEMYuezbbTMDy00FkyGWydCzQBM2MzMB/+y8s:6MrFy90rcVyIdCmMKB
Score10/10-
Detect Mystic stealer payload
-
Mystic
Mystic is an infostealer written in C++.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
26c470a8b0d923529cb630dee55e87b901f38e0ee675c3213b68e8b1db239e9a
-
Size
383KB
-
MD5
93833fe8aab95b2c03057b727f4cf1e4
-
SHA1
035778f8574072c91b0f24e884b81fb04307d267
-
SHA256
26c470a8b0d923529cb630dee55e87b901f38e0ee675c3213b68e8b1db239e9a
-
SHA512
df64baedc559146652d0463b8164f0c546c8c6ada13b66b1e5adc47a5391d6b1894d46ad3563e839072144296786c90b1658686058207646f779a563afddfb52
-
SSDEEP
6144:Kuy+bnr+Tp0yN90QEkRT1NJ2MDrinQh/Jm4w6eN9jf1MjqFrDuAmjH3UK+c7:yMr/y90cTTJDriuk449jSjqlaLUKD
Score10/10-
Detect Mystic stealer payload
-
Mystic
Mystic is an infostealer written in C++.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
2d47818e79d8f9acc3caa85a2d99191ec3eff5843f379ecb9acf5e8610da5279
-
Size
1.3MB
-
MD5
11728981fb1adc2e63a6b2d6fcde146e
-
SHA1
fa4e657cc1864bc8b3ce2becd08754443c554ce3
-
SHA256
2d47818e79d8f9acc3caa85a2d99191ec3eff5843f379ecb9acf5e8610da5279
-
SHA512
a4773eac380244c47c6bbd70fd55b93ae3c84d1c9ae72d7872ed33bee50fa60d6fb57588a8a2e91a4ebe7dee61e6df9370eb884a08f2922cf35b3f47cc6fe04b
-
SSDEEP
24576:gyoY+pehFeujvFIrFR2g9sJIHynJ6UwcOJHdaK5jBpqY:noY8eBOrFR2R2HyJ6RcOZdaK5
Score10/10-
Detect Mystic stealer payload
-
Modifies Windows Defender Real-time Protection settings
-
Mystic
Mystic is an infostealer written in C++.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
2e6c446801978c45f270ec540c0c9884a83b944218fb00b16d7091ab41c28ca5
-
Size
461KB
-
MD5
f00def9d28e0765f7d1660e542ac36b4
-
SHA1
8698ee29d45df86585c19e6835db53ee6b0872f1
-
SHA256
2e6c446801978c45f270ec540c0c9884a83b944218fb00b16d7091ab41c28ca5
-
SHA512
f2c18a6ff68c5da7e4afbe86fb5ad50e0d0bdd5db7889dfc508640f963bb911246929945b2db2f263c1b13847db55f3d6a49df638805ecec3d22e288a93df54c
-
SSDEEP
6144:ZUJEOvl/jTFn4F31HJybyv5AOCfcMOvFQHPFtJWP5ZivTjnrjOP:ZJOv1xnszhIU4jEfEX
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Suspicious use of SetThreadContext
-
-
-
Target
2f02d9074fc5208b7b3e27f59a5867d15d3e0fa8490020ad8680b051f00a27e7
-
Size
1.1MB
-
MD5
574b5088165ebfab5fec731e61dc88e6
-
SHA1
6ec50cb2d6bf1ac789a69248ef9be3a8d4aec49b
-
SHA256
2f02d9074fc5208b7b3e27f59a5867d15d3e0fa8490020ad8680b051f00a27e7
-
SHA512
ced733ee1a296175da218cc172e3eaff200ea27491fddfcf77a587e41e90995d3a9bad6dd8b089623f605fb84b6e6d7cda6ac05777f9d0f05d4f1d4beb9a6fcf
-
SSDEEP
24576:wyQsfXuiTVL1UPspHCyxIgSE6TLL5dwGP7wTG1Ma8d:3D/JTB1UPspi6IVE6TLLUsj6/
Score10/10-
Detect Mystic stealer payload
-
Modifies Windows Defender Real-time Protection settings
-
Mystic
Mystic is an infostealer written in C++.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
4d1fc94da13e115d0cfb24b80df5875a92e199a440121a1fe8c37f1258ef23dc
-
Size
396KB
-
MD5
453e5bf4c8900e6f1a1e39d2371cb1e6
-
SHA1
8a6626ae789fd0ff3c88070b48efcf4c53ceb301
-
SHA256
4d1fc94da13e115d0cfb24b80df5875a92e199a440121a1fe8c37f1258ef23dc
-
SHA512
1de775577bc2093b37b5ce94583eb96d61c072c1c30c100d3ca8e696613dba369a32808205d79bd65e2a5083d737c2668c41f9ff9ccc196da89e765bae57683a
-
SSDEEP
6144:KCy+bnr+np0yN90QEPoEzV8TdQy9VBzECewwI5hb4GsT50L:+MrTy90GEzudQyPNEwpsTq
Score10/10-
Detect Mystic stealer payload
-
Mystic
Mystic is an infostealer written in C++.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
521f6870a363ff65470792799f32a31b9a55349765195a9c0e5e0d64ffa38307
-
Size
1.1MB
-
MD5
5ecf660444c5950f928f231c59e01ccf
-
SHA1
e92ba6431c28dd0280de17dce1c27baa987cf6b4
-
SHA256
521f6870a363ff65470792799f32a31b9a55349765195a9c0e5e0d64ffa38307
-
SHA512
0d08a5e0668491ff40ea5d88664d1b7c8dd2d38e458c9650da98187c404d11743ddbe984cb43f417fa940ccf1574ee4d3ffc2c3ac3ab6fe045dbb51a722a9aca
-
SSDEEP
24576:UysGSudEAJQDdDAltf4x0WBCeDsRJh5bnzE6kwA24HgoHAYOKj:j9ldbJQBDAltf4xweWhZzbAd5N
Score10/10-
Detect Mystic stealer payload
-
Mystic
Mystic is an infostealer written in C++.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
5e01d698adb505dae22bf133909e0103e980c2f29ad0c1eecdf47f2487dafed1
-
Size
776KB
-
MD5
3fb39c64bc51453caaed2cb2b02eef35
-
SHA1
ffbabae9885bb091d068e7115fba1260c9bfc27f
-
SHA256
5e01d698adb505dae22bf133909e0103e980c2f29ad0c1eecdf47f2487dafed1
-
SHA512
592a798cf40420c14ed38a8bd0f9266c8296379dff6b27fbbefacfe3eb96f43327b6911d5eb4324da322f49273242cb69404336183f127a858e27b223a8a4dfa
-
SSDEEP
12288:EMr7y900pZAtSSkb8EEcRM1It/VlAdIsINxipMkaZH/GZdC7P4KdnSd:ny/akbQ1ItTAkbl/udC7P4h
Score10/10-
Detect Mystic stealer payload
-
Mystic
Mystic is an infostealer written in C++.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
7dc4ebbe254d4cbc8e93064098173786d7ed5aa42b3c8d4abb55678e250a4b36
-
Size
628KB
-
MD5
c0c6272b565328e812a8c7cea5d676c3
-
SHA1
47bfb96cc291735edbd66b7cbd703e0e2aa981f2
-
SHA256
7dc4ebbe254d4cbc8e93064098173786d7ed5aa42b3c8d4abb55678e250a4b36
-
SHA512
65936efbfb6716abb04dde0c30d560080fd84654c040785a7e2c2369130aa821132f1488940adc980f66652cb864d444a542d95320d8abdd8776f1dfd5116c5c
-
SSDEEP
12288:MMrjy90HGqS2YZGj2whVmWX/q1LGHa9Db+3Mr89bwBUT:/yb2D2sVmWPmLGHH3MreyUT
Score10/10-
Detect Mystic stealer payload
-
Mystic
Mystic is an infostealer written in C++.
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
.NET Reactor proctector
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
862a8f43d1bd92e93fbfad58f9943a043f45ae975ab50181d393ffb2fa848532
-
Size
1.5MB
-
MD5
4f11ba58ad2b2738528568c7623fbf29
-
SHA1
5a89978533d94218333c20bf4f979c5b2a1681ea
-
SHA256
862a8f43d1bd92e93fbfad58f9943a043f45ae975ab50181d393ffb2fa848532
-
SHA512
ffaf6de18d47be108b89b517faf0b05af73cf75c1da576b2a01ddb7fde1d1ef78a28823cb0caab0fa090290114ec789a9992bc3af6cbdd198f1a9d978ddc4eff
-
SSDEEP
49152:1oiLfVHW0hY0kFQfkflI/+sGTvRaK9n9:SyVHWCk+8flI/M9
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detect Mystic stealer payload
-
Modifies Windows Defender Real-time Protection settings
-
Mystic
Mystic is an infostealer written in C++.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
Detected potential entity reuse from brand paypal.
-
Suspicious use of SetThreadContext
-
-
-
Target
ba494624eebd5343a245e58b1f24e0044ccb4c80897feb6a13e393719d23900c
-
Size
929KB
-
MD5
0c034ec9bd1d1265492a265494e3c888
-
SHA1
8beb9a78b3b865194fdab4e2d9b4d6db8614f666
-
SHA256
ba494624eebd5343a245e58b1f24e0044ccb4c80897feb6a13e393719d23900c
-
SHA512
289a673f598b3f80b80c703513f9fa70169e4660aeb30cd962f5a7573c438b642549313114aba381e3e8fe5ad3a58dac3dcc1446e78d4fe2ae55216c7b8434a9
-
SSDEEP
24576:SymM9fMKeuKjgYQ2bkgXKtf/Gu/H17D1S7:5t9UKeHcYQ2bk0KEQH17D1S
Score10/10-
Detect Mystic stealer payload
-
Mystic
Mystic is an infostealer written in C++.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
ba4c5213c01fa30e0752b610dd412c61729c7ecd046fa9a5bdde3b5bcccb9a28
-
Size
2.1MB
-
MD5
e887a848f24557dc4825eb4a85f97d7c
-
SHA1
817b59590fec6adaa1a5184a6f0462c592a4f48e
-
SHA256
ba4c5213c01fa30e0752b610dd412c61729c7ecd046fa9a5bdde3b5bcccb9a28
-
SHA512
4144276d501467d05ec4b9eb9758dd991a69244f9da4d90a715de4d508b3fb6d5ed10c58f86e840eda1f394b43aab056f1f2104ad0466f556bee45bba23d773a
-
SSDEEP
49152:Iqo2u20U/JcqsHH6gNSszuSV4iCUTfYooI7XxZ+gGGT3Qg3:y00YJkDf14iHwnIjxgg73Qg3
Score10/10-
PrivateLoader
PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
-
RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-
-
-
Target
bbfb7f577d81fe47e80446b1eb11e1623a98b25decf06d6089302a7f9aa51adc
-
Size
1005KB
-
MD5
887963b609c75fab94a3090c952dce34
-
SHA1
4c985683f9c4e0d903330d944df6e71e5c378345
-
SHA256
bbfb7f577d81fe47e80446b1eb11e1623a98b25decf06d6089302a7f9aa51adc
-
SHA512
15f4fea1aaaeda4dbaa2e2a2a643d44b02264a1e7a45cae05ca0ecc947d9965398d82955b49f52703fbb58d9fec7beb50c2e1337c19239b26cd7e047ba0f0bfe
-
SSDEEP
24576:ZyExiSehVkMuwYVH9DuD9lT3/8AO7klDe:MExiSe//uw49DuT3/8AD
Score10/10-
Detect Mystic stealer payload
-
Mystic
Mystic is an infostealer written in C++.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
be3d3160582a8debaa43a4fd41c15c9912c7e9f9fd4b736991afb8ad220ebfca
-
Size
514KB
-
MD5
70ab234a4b537af9627d16de319f0da5
-
SHA1
ef5de1d7306076827388348aac6282e3d9516b24
-
SHA256
be3d3160582a8debaa43a4fd41c15c9912c7e9f9fd4b736991afb8ad220ebfca
-
SHA512
c0d8b40faba24c6c57ed375cff1dcd25c7bb4714dd74d0b86e58ba2888261890d06bcc9b6f74a4ca6a3c80a6d198f0bfeaab85e47cbacd0e08fc6223f029947c
-
SSDEEP
6144:KDy+bnr+kp0yN90QEiNrLHxEB82Qu1xbEe8B9EmB7nIm4xErrJPSzarnD7ut+BEa:dMrcy90QNrLHPTu/eKEITEpSzMBF5hX
Score10/10-
Detect Mystic stealer payload
-
Mystic
Mystic is an infostealer written in C++.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
-
-
Target
e1d166047db27931c64d2750c2c0d4d27bb57655e624d6cd5eeed46b63a5cbd0
-
Size
789KB
-
MD5
4894bd30e13b50b0195bf79964bf157d
-
SHA1
6df09ccbe7ba91d5a55d2cf3617a30be1035d07f
-
SHA256
e1d166047db27931c64d2750c2c0d4d27bb57655e624d6cd5eeed46b63a5cbd0
-
SHA512
39557ffe59b588d07ca8b118a101fd992c5101875329c4430b93e0f3c08bd652143ebe8b001e2fe89030fb517d43335382ff03ea2f02b9586a7197fb53bb8d6c
-
SSDEEP
12288:5Mrky902N8degBdF/RIqaSVJ3zQFo/DiK+BZhzSLU2qQCNQmhZNy/xUjDKM4n8/:pyl8dTBd9baS7QW7lkzSFuCyy/9J8/
Score10/10-
PrivateLoader
PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
-
RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-
Drops file in System32 directory
-
-
-
Target
e56b24cbcd2f2dc78ead0bbfb6d673cbd44be4ae5db1dbbf9a1fdb709103d010
-
Size
648KB
-
MD5
ecf0f29a03165f33b04c38290b9a22c3
-
SHA1
94318cf257afd1eb591aeb32f3d5b5a4e2214de1
-
SHA256
e56b24cbcd2f2dc78ead0bbfb6d673cbd44be4ae5db1dbbf9a1fdb709103d010
-
SHA512
ffb836622676672fe8a3c435a47c7f94d55f7d86fb77cc453df6057396c0d9c455a9bd56f54b491fc8c54281b6a100d19dae9fd5e4cc4d881eacb45dc429340f
-
SSDEEP
12288:qMrzy90WoZD8iKa2aXjdjPwmHbyLwzUxV4K7aHOGnTZSTUEyxK4:JyyZfKqhjPVbyLIeV4LHOSZSYEyxb
Score10/10-
Detect Mystic stealer payload
-
Mystic
Mystic is an infostealer written in C++.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
ef4487829bbec1eb751da8fe7227f27dccd52cd7f16d1d5d8bdcd1af42b36903
-
Size
782KB
-
MD5
99f433c7c2dea73b9bb35968e439ee4b
-
SHA1
c0c0ac8833349be06b8689011fe83697167d4aad
-
SHA256
ef4487829bbec1eb751da8fe7227f27dccd52cd7f16d1d5d8bdcd1af42b36903
-
SHA512
5d50aba2dcd8f276f6e855506fe35de69ba9aa6993ecb673b9b8eb741576c9ea8f71bffddb29f527743e29e9c1331866e2ed1429da6a149de4898b803af7a1a2
-
SSDEEP
12288:5Mr/y90EWMGWa4K+Zh6dqf8pJ+0DGQplKkXEFG1+gzXlaJi07IfRMLN:SyHQW8Swm8/SQD3EFG4grlaJPoRM5
Score10/10-
Detect Mystic stealer payload
-
Mystic
Mystic is an infostealer written in C++.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
fdbb9a49cd039fc64f0cf2a64961e3168c0210a03dc0283c09dcd5f5d1b00ce7
-
Size
1.1MB
-
MD5
d0d105a2196b197a7117daf301d63dc0
-
SHA1
a909a59c09dd6cf89b34745d28e049ae0f7539c6
-
SHA256
fdbb9a49cd039fc64f0cf2a64961e3168c0210a03dc0283c09dcd5f5d1b00ce7
-
SHA512
d8ca188bc8188244a5aa6a11b13e35bbb887f00ee79da4933bc13325fb044fa30d8f2ca23e6b99498511c12900553d86d453c2cdcac0d5f2a209199eb6a592fc
-
SSDEEP
24576:/yWI9E/hFi5iDdQgzLH+TV/60X2KyLPoGLrEhJcYQuUS:KWthFi5iDyTV/60X2FdfE7guU
Score10/10-
Detect Mystic stealer payload
-
Modifies Windows Defender Real-time Protection settings
-
Mystic
Mystic is an infostealer written in C++.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Boot or Logon Autostart Execution
19Registry Run Keys / Startup Folder
19Create or Modify System Process
5Windows Service
5Scheduled Task/Job
3Privilege Escalation
Boot or Logon Autostart Execution
19Registry Run Keys / Startup Folder
19Create or Modify System Process
5Windows Service
5Scheduled Task/Job
3