Overview

Static (score 10)

Behavioral tasks (score, sample, platform):
- 3: 0314c3cf58...62.exe, windows10-2004-x64
- 10: 142ed11f80...59.exe, windows10-2004-x64
- 10: 1f54336cee...4f.exe, windows10-2004-x64
- 10: 2470f02746...37.exe, windows10-2004-x64
- 10: 357dca1dd0...e2.exe, windows7-x64
- 10: 357dca1dd0...e2.exe, windows10-2004-x64
- 10: 367729c840...03.exe, windows10-2004-x64
- 10: 3ae8cc733e...e3.exe, windows10-2004-x64
- 10: 3ff87c5bd0...30.exe, windows10-2004-x64
- 10: 4157cda315...a6.exe, windows10-2004-x64
- 10: 5f318080c6...ea.exe, windows10-2004-x64
- 10: 620f9ee1b4...8f.exe, windows10-2004-x64
- 10: 6817354347...3a.exe, windows10-2004-x64
- 10: 753cdc12b9...91.exe, windows10-2004-x64
- 10: a4215d26b6...74.exe, windows10-2004-x64
- 10: a4375e040f...82.exe, windows10-2004-x64
- 10: a619ae77d5...2e.exe, windows10-2004-x64
- 10: aaab139650...12.exe, windows10-2004-x64
- 10: aefec08eba...49.exe, windows10-2004-x64
- 10: d12f5fa25c...70.exe, windows10-2004-x64
- 7: e5b42981fd...65.exe, windows10-2004-x64
General (score 10)
- Target: r1.zip
- Size: 19.8MB
- Sample: 240524-f8xfcsfb58
- MD5: e10fb09ccd7ec4c89fe48ca785388202
- SHA1: 0631152e4167cf94134e9d18b8f97e164fe49454
- SHA256: 02cacf524527064e447c85bef406a6e5125d06b69bd35e10a813bf4a5659b985
- SHA512: e99ba6bc1e7e5e38fd8774300466eb711f14c4144fff1de2c50e1bc9d673e80c355a8dcfc44182a1d5dc57c12d47a02fef83085e8a2053c93e76071425eb250e
- SSDEEP: 393216:5wKlONz4TfJIuKUHGqe2dzjBoY/lUhMacufS3hn2KDH7:GYpWd8ftBVlqMacFh2KDb
Static task: static1

Behavioral tasks (sample, resource):
- behavioral1: 0314c3cf5875f5a348b62f28e53ec17a9180933fb126d66b7184ebbc62e3c362.exe (win10v2004-20240508-en)
- behavioral2: 142ed11f8044b70abc93823879852d70e03f8fdb2b557dd5db7da572a6b40d59.exe (win10v2004-20240508-en)
- behavioral3: 1f54336ceed1489c1501366db5c3d0173f045faa248587b9e1d9d3669f84114f.exe (win10v2004-20240426-en)
- behavioral4: 2470f02746e0ace28b3f21135e43ca5574a20964c1ebe76b4d37e025bc74cf37.exe (win10v2004-20240508-en)
- behavioral5: 357dca1dd0b140db9468cb0bea91da2504a032397de5a581bd04f96d59e430e2.exe (win7-20240221-en)
- behavioral6: 357dca1dd0b140db9468cb0bea91da2504a032397de5a581bd04f96d59e430e2.exe (win10v2004-20240426-en)
- behavioral7: 367729c84050746eb20cd233e6b8d8cfe0625110da6e43f4b4c486aa19d08103.exe (win10v2004-20240508-en)
- behavioral8: 3ae8cc733ec108080a1919852f9eed660c71dff454329a044b21af12ce8fa4e3.exe (win10v2004-20240226-en)
- behavioral9: 3ff87c5bd0d476dfc954d3706672474698d1e412030e6189e037c2474b97b730.exe (win10v2004-20240508-en)
- behavioral10: 4157cda3159c7d2c99d18138d2e023dd1d821d09ae77e78901a80b26492981a6.exe (win10v2004-20240426-en)
- behavioral11: 5f318080c6c0aef583c575f49bd61e9b4e8b6784f4c52b512e9c07090e4cedea.exe (win10v2004-20240508-en)
- behavioral12: 620f9ee1b442855f9904f5108cf7185b16d0acbacad9aaa076f02e0ffd4f588f.exe (win10v2004-20240508-en)
- behavioral13: 68173543479d737f5e883a0bf3bd569d09813666a895a805fd53a18f3a96df3a.exe (win10v2004-20240426-en)
- behavioral14: 753cdc12b984ece991f2018329d37985ee627640895e2d9b9a43a13a6dd6fb91.exe (win10v2004-20240426-en)
- behavioral15: a4215d26b6f0c0e1bf7e0f7a14e39744684399db4b301d328c8f7df9ca1c0b74.exe (win10v2004-20240426-en)
- behavioral16: a4375e040f13128a4dc747d845dd82b7204008c71beb526483b369eea30d2582.exe (win10v2004-20240508-en)
- behavioral17: a619ae77d542717361e631ceb6fe3fab295af4ccef45ae4774b92a9355b6bb2e.exe (win10v2004-20240426-en)
- behavioral18: aaab139650da2e31907d608a912b0aa66038a21c8d946e300a44ab21b51c2c12.exe (win10v2004-20240508-en)
- behavioral19: aefec08ebaf1c6b975dbf83df5257e52d7efcbaf569ea4b633cec392af828049.exe (win10v2004-20240426-en)
- behavioral20: d12f5fa25c8ef0ae322be4daa1b08acf499c9d1be60c2f8d6f6b5a65c28f0a70.exe (win10v2004-20240426-en)
- behavioral21: e5b42981fd5d352478cd9e79d582bc92295cb43d3d32dfd59e84008eb4216c65.exe (win10v2004-20240426-en)
Malware Config

Extracted: risepro
- 194.49.94.152
- 193.233.132.51

Extracted: redline (horda)
- 194.49.94.152:19053

Extracted: redline (gruha)
- 77.91.124.55:19071
- auth_value: 2f4cf2e668a540e64775b27535cc6892

Extracted: redline (lutyr)
- 77.91.124.55:19071

Extracted: redline (kukish)
- 77.91.124.55:19071

Extracted: redline (mango)
- 193.233.20.28:4125
- auth_value: ecf79d7f5227d998a3501c972d915d23

Extracted: mystic
- http://5.42.92.211/

Extracted: redline (breha)
- 77.91.124.55:19071

Extracted: smokeloader (2022)
- http://77.91.68.29/fks/
Targets

Target: 0314c3cf5875f5a348b62f28e53ec17a9180933fb126d66b7184ebbc62e3c362
- Size: 1.6MB
- MD5: 4072ebdbf10bdc65c81f939c356f0d2e
- SHA1: c3aacd751694f6980a973b895017247e5e29b29a
- SHA256: 0314c3cf5875f5a348b62f28e53ec17a9180933fb126d66b7184ebbc62e3c362
- SHA512: 214350c7f05426ae01ce87106b490fbd3ca5bc61ceb2ef243db73891d817529961e6f04344214d0179cbfe9482e6c25133d3f45e40bd72e328a89fc9f7bb70e6
- SSDEEP: 49152:R77PcdeNyB5PESc74VbUR8v/OwLACT+jbU9g/:tzKeNyBiIZbKjbWg
Score: 10/10
- PrivateLoader: PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application

Target: 142ed11f8044b70abc93823879852d70e03f8fdb2b557dd5db7da572a6b40d59
- Size: 645KB
- MD5: ef0669622d6448e4556501afe1dad056
- SHA1: c85d621294c88c8050b202b0e20f62d7889a86c5
- SHA256: 142ed11f8044b70abc93823879852d70e03f8fdb2b557dd5db7da572a6b40d59
- SHA512: 64f71711babea80de14ca75680b8abb38ce5326b86925f6121a3a3724739158930c09b6b077d473e08661b508ae585973c7e6dd31a848f06bf16b2eb67026b34
- SSDEEP: 12288:aMray909okg/mJPJBxxSrCUHBayC0xzVN5Hn7uQQrzHWw:cy6HJ5UdhadGzVLHCr7Ww
- Detect Mystic stealer payload
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext

Target: 1f54336ceed1489c1501366db5c3d0173f045faa248587b9e1d9d3669f84114f
- Size: 1.5MB
- MD5: a40e62a544268214b09a8bafb68847b3
- SHA1: 9f388d46aed84dde179dc1e7c037d4a2a2cfadd4
- SHA256: 1f54336ceed1489c1501366db5c3d0173f045faa248587b9e1d9d3669f84114f
- SHA512: 11a2ca05e5b202af547b8ff9960346100477e9fac8089ab467edde417b0f8c2b2ce3c5234118f1e34cc6d3abbd32a19513430505767118b1c2ef7daed5694741
- SSDEEP: 24576:SyF/ldc9xGt1TuqHUtf/bo1JtIANdz3esqRTqzred7WEB2w6FR26Ph4e3lu:5Fj/tsqmM1J9zeGzrg7WaoFR265
Score: 10/10
- Detect Mystic stealer payload
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext

Target: 2470f02746e0ace28b3f21135e43ca5574a20964c1ebe76b4d37e025bc74cf37
- Size: 702KB
- MD5: 3551b070d8f8c5788e7a26b7eb3e2167
- SHA1: c4f2f2a5e1534aa6745a4fa10cd33082e796a449
- SHA256: 2470f02746e0ace28b3f21135e43ca5574a20964c1ebe76b4d37e025bc74cf37
- SHA512: 8cf570cae3fe1afcde148277a893bbd95711709792adda13b74132ed4374542999cd4e2a7bca1e35ebf6f4fce1b86a55d8d32d978016d3e70402ba5badc44723
- SSDEEP: 12288:mMr4y90EPnLmwuetmnJuSDno0t3Iu2FKZmtQVpzIZpFCMq48YdavcJynY4y5d:ay9LmwuetmncSDnh3IubZmipzzMq/YOw
- Detects Healer, an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application

Target: 357dca1dd0b140db9468cb0bea91da2504a032397de5a581bd04f96d59e430e2
- Size: 1.1MB
- MD5: 0c3c542480b366c4937a6a352723cff2
- SHA1: 7e4a1a89113a6fe0eb21e7b0d5640933095d035c
- SHA256: 357dca1dd0b140db9468cb0bea91da2504a032397de5a581bd04f96d59e430e2
- SHA512: 6f922448fb2512643a14154e6f6b6aaf6cac4a1af9cad3e818ad87b5cad4d56beb1a0848b005c75938853f0d74f6bd094332f695da0bda9e55997a7b1c2d032f
- SSDEEP: 12288:2Q1Ud1yTt0OFYtMeTVRq6zlXO4iIEbJGHaKwCugkgqaWxFnE+iOPW5kYg3meJ:Gdgh0OFYtMeTVRfBxIJGwcunE+IkYA
Score: 10/10
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Suspicious use of SetThreadContext

Target: 367729c84050746eb20cd233e6b8d8cfe0625110da6e43f4b4c486aa19d08103
- Size: 1.0MB
- MD5: b8c8a180572fa9f5d2abc29e8f5225de
- SHA1: 70b0b356bc4a0bf194d6cc8dc2b000ac7e49c1b7
- SHA256: 367729c84050746eb20cd233e6b8d8cfe0625110da6e43f4b4c486aa19d08103
- SHA512: fd90da55beae0cc7727900aff75d39a03d7986db109beb32ef5f0303cca309768e6ecbe2db25a32a6cb64eb7f3ee7209143a60fbde957182b1ddf5b58aba9162
- SSDEEP: 24576:Kylv3LOmDlvjAHW7XNs5uCq3bMKgMjUlP6wSCzLw+:Rlv3LOejLNsB5KvUlPyx
- PrivateLoader: PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext

Target: 3ae8cc733ec108080a1919852f9eed660c71dff454329a044b21af12ce8fa4e3
- Size: 956KB
- MD5: c7d606e2c52cb54347c035c4f20385af
- SHA1: fd14a9789a5cb3291a9fc9a21fc6a7011df32cfc
- SHA256: 3ae8cc733ec108080a1919852f9eed660c71dff454329a044b21af12ce8fa4e3
- SHA512: c3a07f6ef78ffdf38fee9613b451476e0c17aceebe9115bfd63c02350989197b15426fc854a3cc7a59878a3baa274c1a55b988374003389ee3ccbfa346ebce22
- SSDEEP: 24576:IyjahTARFOjnPlTRpSQ4Mh51NLlCTmBqqJj/vieOyO:P8TcIjnPlUOlwoqw3R
- Detect Mystic stealer payload
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext

Target: 3ff87c5bd0d476dfc954d3706672474698d1e412030e6189e037c2474b97b730
- Size: 1.1MB
- MD5: 280ae5fee193835043a57b5858575e88
- SHA1: 864a3e1354257f7f027de1fb6a57c8f250522e27
- SHA256: 3ff87c5bd0d476dfc954d3706672474698d1e412030e6189e037c2474b97b730
- SHA512: 35031ee7e036a0ef439281b3ab83cfac1f63fede1b314ccd0950c13c6deb2acc93889690aed3a60409f40b98fb353f93cacdb45119c2af503b34e91911be60a5
- SSDEEP: 24576:uyT+eJNyRY6bWbYcd8v04KzKWzZcO8mMvd7g6FvjqmllVGTZZmWfnIH4C:9T++V6b/XKxZcOxmrLgVPQ
Score: 10/10
- Detect Mystic stealer payload
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext

Target: 4157cda3159c7d2c99d18138d2e023dd1d821d09ae77e78901a80b26492981a6
- Size: 935KB
- MD5: 7f171f4b73978e234b3e114830d4b2f2
- SHA1: 2ea3e0030d87fb10bbd138f3ae220b2413d9820a
- SHA256: 4157cda3159c7d2c99d18138d2e023dd1d821d09ae77e78901a80b26492981a6
- SHA512: b363282cdf599dd82accd283b3a10acc97108588c16696cfb7c361a02a29cb4b7c65366836bb897cb00881b3d75b4d7fa575befd19eb1009bab7130cd798e2af
- SSDEEP: 12288:TMrby90gdqx5IqPURHad0qOH81g42fAhjMQFzlzqUagnaioMpkQFU/i+VGq7af9C:Qy3qxVXhv1XhxVagnbpkRxVGyafKZMo
- PrivateLoader: PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext

Target: 5f318080c6c0aef583c575f49bd61e9b4e8b6784f4c52b512e9c07090e4cedea
- Size: 2.3MB
- MD5: 665d982ca7f55392948abb118b2c6b3d
- SHA1: 76b7c096dae1f20041e7e55e3d863ec35cb4fd2d
- SHA256: 5f318080c6c0aef583c575f49bd61e9b4e8b6784f4c52b512e9c07090e4cedea
- SHA512: 8f7d99ef72b0fff0c0a758f28a948b9c4c2387f5e9a9b7f0ac3a8971d963d457d58cbd8368bc55809196c21daea956dc1a6eba664efa2b91567057ad22a19723
- SSDEEP: 49152:tsOzsGwNJp72gr0XQZ/8VM+giH+pmGj1DrGpc85Rwxh:9fwnEg4hVvNCm6GpR5Rw
Score: 10/10
- Executes dropped EXE
- Adds Run key to start application

Target: 620f9ee1b442855f9904f5108cf7185b16d0acbacad9aaa076f02e0ffd4f588f
- Size: 421KB
- MD5: f43e85202791e82c59b8e07f76dabbfa
- SHA1: cf80bc8a656390e4e9ed061fd84a155f0665237f
- SHA256: 620f9ee1b442855f9904f5108cf7185b16d0acbacad9aaa076f02e0ffd4f588f
- SHA512: 5c8dd89131b27eb110b9ec35d7e0686c7cffed62d4257d0d506d93154eeacc0f8e14733ba4ebc4a5616e7c1fff02cbdc52eaa6f1e662ec857d94532084b360ff
- SSDEEP: 12288:YMrhy90F+08qFUvu2hyW1eKFnTA9BKXjEARJfz7IU:pyX08qF32lIKFLEAl
Score: 10/10
- Detect Mystic stealer payload
- .NET Reactor protector: Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext

Target: 68173543479d737f5e883a0bf3bd569d09813666a895a805fd53a18f3a96df3a
- Size: 633KB
- MD5: ade1582c6f516a251b48126cd5f22f55
- SHA1: 8f2dbe7998b7ca7090eb7b0ad8192ae798b5d488
- SHA256: 68173543479d737f5e883a0bf3bd569d09813666a895a805fd53a18f3a96df3a
- SHA512: 96f1f614d8b2092a16ee69003c1340e9623e5742e09d8956deb368b47078b1be6d1a5a6952e90002732537efc6c6032311fbf66dda0fe79c379704d200f1e1fe
- SSDEEP: 12288:bMrjy90C6QjVHg1WhG2w6jE9l3bfr0M4rI6pvIlIE4uXIU1/s:oyP6YVHO0G2K/LzoVDE4uXIU1/s
- Detect Mystic stealer payload
- Detects Healer, an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext

Target: 753cdc12b984ece991f2018329d37985ee627640895e2d9b9a43a13a6dd6fb91
- Size: 641KB
- MD5: a2fb087405549d4844da7621326d7bc6
- SHA1: 41722d07ff394bb88e681e8cb55acdc420fbc696
- SHA256: 753cdc12b984ece991f2018329d37985ee627640895e2d9b9a43a13a6dd6fb91
- SHA512: deac27f5aab4250178ca108607e59b275edccdf556fe2ddfe2f2bc51a302a985cab0408e6261f1459fecf19b8331bc959a0e30921103816e46686b617549dfa3
- SSDEEP: 12288:nMr9y90yHagkaQMkfPlNgEkJa1j6shpaH8UPGDTVqT3kUt90fnAr:ayaXnHrf1jS3uTVqrkUcK
Score: 10/10
- Detect Mystic stealer payload
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext

Target: a4215d26b6f0c0e1bf7e0f7a14e39744684399db4b301d328c8f7df9ca1c0b74
- Size: 954KB
- MD5: 2007fd745de85725bd3c50bc100af3dc
- SHA1: be0942dfed4466f4181936016cc020ed72918fb6
- SHA256: a4215d26b6f0c0e1bf7e0f7a14e39744684399db4b301d328c8f7df9ca1c0b74
- SHA512: ca2e84396e623838f7900a2c73f28d5a5675c179a462878232c618234c7f68f1f3e4eb6003f9c9fdacc0bcb7849d2385e63422aa640d6fe3244db49481cc9973
- SSDEEP: 24576:Ky0CNEQDcgkWfaKBfZh59btIafN7V9joSiS5nYI:RSqjflZttIaV7V9ESR1
- PrivateLoader: PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext

Target: a4375e040f13128a4dc747d845dd82b7204008c71beb526483b369eea30d2582
- Size: 1.7MB
- MD5: dfe9bb1f434b2c4274b25c55f4c357fd
- SHA1: 26174ece060175ac42687ac2bbbda5ad8b486972
- SHA256: a4375e040f13128a4dc747d845dd82b7204008c71beb526483b369eea30d2582
- SHA512: 81d7b36b5ee84df38237fcbd7b5b8c8714a079e07bbab5098d44a486d63803b4d054fa9e04e35c6c56af4c8b492ed06e11f2d6d1c161efe2edd18328047064e8
- SSDEEP: 24576:4yCr4tXdUADDqI0NqpWTUczJqcswysxoJVJgRtmO0pO9j+30JwYEXpUZCwQU/4e:/CctXhDsIWTUczJq/JlgD50pOV+PbqQ
Score: 10/10
- PrivateLoader: PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory

Target: a619ae77d542717361e631ceb6fe3fab295af4ccef45ae4774b92a9355b6bb2e
- Size: 934KB
- MD5: 9323def24c82bcce18472272f2fd5647
- SHA1: f09e0e7cbf11b9afa48a1cdb5d7d67065a46da8d
- SHA256: a619ae77d542717361e631ceb6fe3fab295af4ccef45ae4774b92a9355b6bb2e
- SHA512: 98896fcab67a61d7d42629f3062054984a32712b668fa986272c14427394727c522ee9562a7d243e9627ff88f1825444dacb3b8a14dd270a5a3b755502271e7a
- SSDEEP: 24576:QyZyKWABDnuKRODayze5PfWeD+XH0WdXBPo:XEKWQnuKRoe5HlDyH0Yx
Score: 10/10
- Detect Mystic stealer payload
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext

Target: aaab139650da2e31907d608a912b0aa66038a21c8d946e300a44ab21b51c2c12
- Size: 2.1MB
- MD5: e1bb0f18d53291edb6b6b8c8bcbe60f4
- SHA1: 8354cb2797fbc00c57f193a6d0929dabd34e6981
- SHA256: aaab139650da2e31907d608a912b0aa66038a21c8d946e300a44ab21b51c2c12
- SHA512: dd5e7dbc48010a5057e20b0d056e03584600362a259dce65c5ab8d118b67e3f731243a65732b84d31f74d55d603f38532911e387946912431e99d7f9c17bb322
- SSDEEP: 49152:/nIg6uBuXvfZ7xjfgZGKAusjt5M1JVzxVgXDaQxlxz3H8OZBnCcpa:AgZuXLMBqkRveuk33ceB9p
Score: 10/10
- PrivateLoader: PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application

Target: aefec08ebaf1c6b975dbf83df5257e52d7efcbaf569ea4b633cec392af828049
- Size: 401KB
- MD5: c70da63f44a116fe349e06b38cafb3fa
- SHA1: cb0d169c46a5e96d933da8ff43d1e057ea2d5ced
- SHA256: aefec08ebaf1c6b975dbf83df5257e52d7efcbaf569ea4b633cec392af828049
- SHA512: d558fa35f52738065c6d4602f968f22dae8dc33f900d71afb69fb52705e105befee8e786926c174cca498af2e55a109fae972acb3ab5ccc4dd26ff41e5066993
- SSDEEP: 6144:KUy+bnr+sp0yN90QEHbTG8sXOfBZjC+qn5gwV4y5P08f7DjWLMRPPq2knPEVowLc:kMrAy90tbXsOjFKFrOMti21awLc
Score: 10/10
- Detect Mystic stealer payload
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext

Target: d12f5fa25c8ef0ae322be4daa1b08acf499c9d1be60c2f8d6f6b5a65c28f0a70
- Size: 642KB
- MD5: 3495f027cf0f5fc3e066f6d1e5ae17f6
- SHA1: 787b0eef35f80738a55247d6acd4d49a0f5d3f07
- SHA256: d12f5fa25c8ef0ae322be4daa1b08acf499c9d1be60c2f8d6f6b5a65c28f0a70
- SHA512: c8b9ccde6c7e26800badc673214b4a79871b528d2e02faa07458279155edd9171781d38db17da5fb623389be7ca5cb134f560b49d93b07c95a3a9a13ba37db26
- SSDEEP: 12288:XMr0y90J0NA0H7Gae/4IC50pCCHGN0PLvYMXiYQbDL6Nxb2jHV:nyEiaaewIsgCQGIgYDFb2j1
Score: 7/10
- .NET Reactor protector: Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
- Executes dropped EXE
- Adds Run key to start application
- AutoIT Executable: AutoIT scripts compiled to PE executables.

Target: e5b42981fd5d352478cd9e79d582bc92295cb43d3d32dfd59e84008eb4216c65
- Size: 1.1MB
- MD5: db790b8be6c16299ccf7f1dccd680b89
- SHA1: 4d13d834f004cdb6c836eb0f9d7343fea266069c
- SHA256: e5b42981fd5d352478cd9e79d582bc92295cb43d3d32dfd59e84008eb4216c65
- SHA512: 63518a7fd2471ed7c678e650ff45939b86d9264cf175f6d3e5e3cf6662fd54a1dbc0063b5e97707d247046d982feaff164728d7267543622c66e5394427a988f
- SSDEEP: 24576:UyMQBHbtypH1KhYSPs1h4Gur9/pok9ULO0Rtlz01EjUdkr5eM:jMAbtypH1HFajr9/6jpI52
Score: 10/10
- Detect Mystic stealer payload
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)
- Scheduled Task/Job (1)

Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Create or Modify System Process (1)
  - Windows Service (1)
- Scheduled Task/Job (1)