General
-
Target
r2.zip
-
Size
17.3MB
-
Sample
240524-mrkhsseb42
-
MD5
0bb57bb2974417325d3394f352abfb93
-
SHA1
4e76d2d74a384065de47a3a3cc8300544238108e
-
SHA256
9874024432d4a4dc4017d0ebf9773eaea78b9aea747dfbe995938af4b572eb38
-
SHA512
ba2d9052a74de1beecce8e623d1f209bda81263d84fe805ce2ab4f4c35d88c2f5c637537df18f8952859e778f990e22fa2674947eb387a8f95e66cdf58578872
-
SSDEEP
393216:IqcF63L8fUg08is7b1Zl8koNueCPnqBYoIV7OoisfEFwB:/cs3S48bVQNueoq4XEOB
Malware Config
Extracted
risepro
194.49.94.152
5.42.92.51
Extracted
redline
horda
194.49.94.152:19053
Extracted
redline
lutyr
77.91.124.55:19071
Extracted
redline
kedru
77.91.124.86:19084
Extracted
mystic
http://5.42.92.211/
Extracted
redline
breha
77.91.124.55:19071
Extracted
redline
kukish
77.91.124.55:19071
Extracted
redline
luska
77.91.124.55:19071
-
auth_value
a6797888f51a88afbfd8854a79ac9357
Extracted
amadey
3.89
fb0fb8
http://77.91.68.52
-
install_dir
fefffe8cea
-
install_file
explonde.exe
-
strings_key
916aae73606d7a9e02a1d3b47c199688
-
url_paths
/mac/index.php
Extracted
redline
taiga
5.42.92.51:19057
Extracted
redline
tuxiu
77.91.124.82:19071
-
auth_value
29610cdad07e7187eec70685a04b89fe
Targets
-
-
Target
04a0e650872d7846563cdcc0dd200fe4ab443abf6a07ee52486d24d18d6aba2d
-
Size
1.1MB
-
MD5
220a3457bac0b7e002558e635cc38c53
-
SHA1
c7de62cda431e4166e2a4f77b0522f5195caf86c
-
SHA256
04a0e650872d7846563cdcc0dd200fe4ab443abf6a07ee52486d24d18d6aba2d
-
SHA512
f627940e941ce4b632dcea6a7ffa85cc5727e0937550f1c8543438e9ceedd529a9d0dbf9501a311b1db9ed60880a298c8cdffdde14b1705488220b97bbe714fb
-
SSDEEP
24576:cyiWn8NR7Ih++UoI4yYGhmAkkW+rc29OeK+:LiWnyReuYGhmr+f9TK
Score10/10-
PrivateLoader
PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
-
-
Target
0b23052e1def21c0e818780565a7776ae96e61597a9cf4ab1fc690daa4a85105
-
Size
754KB
-
MD5
6810cf7b150188a3ff1356eead999753
-
SHA1
e31eefe748f66c894f169b4ee25e435a5f7d8d15
-
SHA256
0b23052e1def21c0e818780565a7776ae96e61597a9cf4ab1fc690daa4a85105
-
SHA512
6e96d879ae6dac11a8ed4f28989b81d5a41c148c7971d993fd34d74252995c6829a5a84f885132d84e9682def59635bcc2ef097f9f4e4fb33f00abbf8c6f2cbc
-
SSDEEP
12288:cMrwy90C09MZWecKH7UZUNXYGIWj/dUBB4FSVvMj3Q2VO8RvyBB7fUraG315:syY9MkecKHAYoGIWgBwSIDVXvc7UuM15
Score10/10-
Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
-
Detect Mystic stealer payload
-
Detects Healer an antivirus disabler dropper
-
Healer
Healer an antivirus disabler dropper.
-
Modifies Windows Defender Real-time Protection settings
-
Mystic
Mystic is an infostealer written in C++.
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
1319d8370208b00e5260cfc0b8f145575c62bd43ab6f76605a992afeb6737f15
-
Size
803KB
-
MD5
acbc2a373e18ef3c6f7674f0a41a2309
-
SHA1
f786e204ad0ee7db4c64dbc92dcdcbf0b205f1ac
-
SHA256
1319d8370208b00e5260cfc0b8f145575c62bd43ab6f76605a992afeb6737f15
-
SHA512
1341f9e896457ce6f88e2aeb0b2fab8f3949eb29e89ec52ebd65c75166c4a43411a8f969a687f20f69e8179cb3f0a542345dda206620c302a5d3f57c36dabf8e
-
SSDEEP
12288:PMrXy90nEdYGF/dYrO/K3M2552xWH/XypBUBTq0wuZnB3GiNk7RaWI0cC79Yj11U:My4EbF6a/Km+/XypaxwuZnVFN6R0uhr
Score10/10-
PrivateLoader
PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
15bb5ac797303fa462001ce5fd88a7bfc4702cd65f0a1768f9b994f6495a49dd
-
Size
1.1MB
-
MD5
5452b94dde083093d8e942c9a2807354
-
SHA1
423f9d52c1a7a369cc48400d83ffd558b99d918d
-
SHA256
15bb5ac797303fa462001ce5fd88a7bfc4702cd65f0a1768f9b994f6495a49dd
-
SHA512
951a9d584fd98e161849b78145cb4e2ca6130c7a98b89c06e54b067bebc79d65bdf80311e5b42af67a679fd66727370d189f3b496b1df9e1e3feaf7b1f8ba19c
-
SSDEEP
24576:SybMeEolioKBv2E6m/ci9MaEbID2Qhk+S3R0:5bIolbKZD6JdtbI6G/S3
Score10/10-
PrivateLoader
PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
-
-
Target
19eb5c3dd82e78329d1d98ef6b119402fff11484aea9cfea0e3e1135eea669ec
-
Size
582KB
-
MD5
d56c66c9d163f9ffbee7639f49480fc3
-
SHA1
142c8ebad2060d80751aca395115aedcda26cc34
-
SHA256
19eb5c3dd82e78329d1d98ef6b119402fff11484aea9cfea0e3e1135eea669ec
-
SHA512
30cbac04de264e17c6e178376107ac6112b4f58a189dbd01b2cfbdf7d7811d759d22a720a02e595f8e35300931932ef0c303f8f91471b311423e975829191ba3
-
SSDEEP
12288:RMrRy90yRvnRHnhtDc3YLtYWBQy+K1edjYz84GLjC4k9Ur0w:Ayh/RHhhc3YZGPKiE8RNJrb
Score10/10-
Detect Mystic stealer payload
-
Mystic
Mystic is an infostealer written in C++.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
2864919e9fd253aa62ab37d5b02410fa89dd3ead4618da0b908d3b41e73167b7
-
Size
1011KB
-
MD5
955673b4aad0c30120e7b1b79c4d9fe0
-
SHA1
5e729925f0f2845001e8de2c8735c68f7f838315
-
SHA256
2864919e9fd253aa62ab37d5b02410fa89dd3ead4618da0b908d3b41e73167b7
-
SHA512
58f7f0115847664469185ff8459b9ada2291eedcfaf530e4e6a84d1d910f03e0c665b692397da23d0aad467aa8a58888df19a114ac828ec4d9fc35a61fadda1f
-
SSDEEP
24576:kyLQvjMS12DSBNRzaa1L+TJ6vqbIvVLXyhda/E0A:zErMSUENQVVCqUvVehdaM
Score10/10-
PrivateLoader
PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
-
RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-
-
-
Target
2f05412e59a8bdd056c643ef429f71b1cc81960c29ecda2121c342b304349d2c
-
Size
2.0MB
-
MD5
e14a5da9f1cafc8cff35c242ec462de8
-
SHA1
c02c0f33ab9efa83567f0d557c0bc20d07c83b6c
-
SHA256
2f05412e59a8bdd056c643ef429f71b1cc81960c29ecda2121c342b304349d2c
-
SHA512
5360dbf58a58237fc8c339c5baa75f43d06ff24c0c21a293e2225f27a68b77784bdc2e31d955a58f23d7079a6023d88856896d8280eadec076c6264997c0e376
-
SSDEEP
49152:yIs1Ba02LAlGfwgKpc+u8NZSkzqa2BLGpaHD+L5w:JmkZRrwXzqXvHCL5w
Score10/10-
PrivateLoader
PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
-
RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-
-
-
Target
3fd9e44b8df95e2fb188e6b032b029a961609f7baa7d332929166e71f86e8b84
-
Size
938KB
-
MD5
e559bc5e8fecf95110c7a977c73e5bfc
-
SHA1
cf404a4cb36c334349f810fae25ca2276ecdd1cb
-
SHA256
3fd9e44b8df95e2fb188e6b032b029a961609f7baa7d332929166e71f86e8b84
-
SHA512
510d2ddefa82c77f0c6bf1bace04ce06d2c15688dac20597ef6f964670303faa305f53e15d655392cef6f1104d455b2d752fa2f56ef0d778ecdc5ae803197f8c
-
SSDEEP
24576:lyfjhihl0dK0Ht3tVBJ0CPaKekYkV6HmL3eZ:A1i+K4ZtVBJ0oaK376HmL
Score10/10-
Detect Mystic stealer payload
-
Mystic
Mystic is an infostealer written in C++.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
4920924329af964d29e90b0bd3763c20450919411ad6b6ddabfd88061a7555b6
-
Size
812KB
-
MD5
ee8b33b784968f37416cc0b7ad45ec89
-
SHA1
c2981adba90b165a3c7e4c0226415741a5c21b75
-
SHA256
4920924329af964d29e90b0bd3763c20450919411ad6b6ddabfd88061a7555b6
-
SHA512
2dd2d92b48fcac58e9ca1e5d03beb031a8c1dcad3566385f3b2525944646efb3a7d118a0e30af45b59b730b25cdff3203f5a3e67d816cc03089df9ec4493c0df
-
SSDEEP
24576:9yXMN6XoBRXO8uYwG+2bPnIrGxZGCcDUFbPbz:YaaVTG+YIrDCcDUFT
Score10/10-
PrivateLoader
PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
6d6ab7a20c1331b0189166b1cb07916ad2565031332833b346f8e5728ba48833
-
Size
1.3MB
-
MD5
b1014daa354c943ac07bd77ccbb36ba0
-
SHA1
6308a52ccad0d1aa5d78d6b543c517029297d0da
-
SHA256
6d6ab7a20c1331b0189166b1cb07916ad2565031332833b346f8e5728ba48833
-
SHA512
fa222739128e3ac2ec1d7c5730f0748bd67c5886445157f7517f87088096bd190773805721c52abc21ba998f85ae0f377edb52b1445eaed0a53b25b9c932d6c8
-
SSDEEP
24576:GyV82uVrfLBvFlIW7F9lymuQg0qx+wkKcCg8QsQdGiHibyue3teeQHW:VVIhzBFlIWpJyGCg8lQl0Xe9FQ
Score10/10-
Detect Mystic stealer payload
-
Mystic
Mystic is an infostealer written in C++.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
6e839edc16582f1c2d53d777f08720f69ec875a29be62c7adf21eaa0b7b302b0
-
Size
1.5MB
-
MD5
d2112cdc189a119c9bd4e3cf5a8f5a7c
-
SHA1
e71798987b95e1e59bebb835653dfe6cdb6ee122
-
SHA256
6e839edc16582f1c2d53d777f08720f69ec875a29be62c7adf21eaa0b7b302b0
-
SHA512
966fb8bc4211c540eecddcba68b9bac4be7977ef1525a657289bb0bc8234b1e94933ed8d9a8a2e0bd54fbfd370ff9d1222f1bca0931522a2c8193c7a3ccf7122
-
SSDEEP
24576:QyticKpXK7wbmja4ZFH5Nz9OTdB+7AF4lDK76GeZWsrF115xJ49JEvOcFU/+:XtiGkbSZFH5FkTu7XELCD15xyHEGcF
Score10/10-
Detect Mystic stealer payload
-
Mystic
Mystic is an infostealer written in C++.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
6ff00efb56e1358cc67995d20e4e1edfffeb0789812a5cd830e2f477e16f63f0
-
Size
960KB
-
MD5
434e0981e30d301a832a17e279104945
-
SHA1
f1aa4d85961747aa1ffd030a074e406ef37101be
-
SHA256
6ff00efb56e1358cc67995d20e4e1edfffeb0789812a5cd830e2f477e16f63f0
-
SHA512
02cc56eb6661599b6d670e4fcdf852c76bedc34c83dbd864b42494801eea6bc6c2ae12493112c27f93b2f9256c4ef8af0fa7ad0c03d27b4e244c7777d88af117
-
SSDEEP
12288:qMrDy90XE2JeSkUMBXNM1odv9TLauZxbiJsfPMoG1whZ87XQqHUrE1D5q/1GgfgX:9yexJeDB+oZFd+JsfUonZ8ZHBKI5aC
Score10/10-
Detect Mystic stealer payload
-
Modifies Windows Defender Real-time Protection settings
-
Mystic
Mystic is an infostealer written in C++.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
7018985aa093121c146c37bf15499c6914c370d8b1e61fe98047260a3f0f5d8e
-
Size
584KB
-
MD5
3d95c1908906f19aaba4db1e866b1c18
-
SHA1
da63f6664090fb6e72d9235d64506e93c603d3c3
-
SHA256
7018985aa093121c146c37bf15499c6914c370d8b1e61fe98047260a3f0f5d8e
-
SHA512
da14352bb65f08ce590f7ec7fc2e0cd2497b0ddf8daf5e491cd5a1b9b24d0ec5ddc9e9e5de912074fc10ea0339cd9107cb19fd62e48617f180873bdb094b6e69
-
SSDEEP
12288:6Mr7y90m8vemdFOfRi7WwAk7Fv+eOWr5WaU2GrnJ:hyIve8bD5FGejgWAnJ
Score10/10-
Detect Mystic stealer payload
-
Mystic
Mystic is an infostealer written in C++.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
7b28b5b2ffa7298e1bc65ee1f5e49125dd2ae16da86952d43e4d1ac1e04c6e4e
-
Size
365KB
-
MD5
79f59ae0253a9b026394312258c0c593
-
SHA1
95431db03a7664e976dda7e9bec80b3ea4003bf2
-
SHA256
7b28b5b2ffa7298e1bc65ee1f5e49125dd2ae16da86952d43e4d1ac1e04c6e4e
-
SHA512
e25e0003ad22c25c59129b94173ee9c6490c60c3f6da14c5768232868b3d82781d574e1422a37b5f783c6a1a289672b559c7200bf820ff3ad31210be376f8e3d
-
SSDEEP
6144:Kyy+bnr+zp0yN90QEe99MHVGA8MjIEcmhUg99BYjYeUzfbuSEE:WMrry90Wk84XlhUq9BYjYeUzTOE
Score10/10-
Detect Mystic stealer payload
-
Mystic
Mystic is an infostealer written in C++.
-
.NET Reactor proctector
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
-
Executes dropped EXE
-
Adds Run key to start application
-
-
-
Target
93bee57b7167fba61070c22f0c719ebb27499c5ff106633260f340e4917cf741
-
Size
1.1MB
-
MD5
58fbe2631b6d26d8eb1373d1b0f26a38
-
SHA1
aa924759ffbcd271588b7377a27cea3fe79f66f3
-
SHA256
93bee57b7167fba61070c22f0c719ebb27499c5ff106633260f340e4917cf741
-
SHA512
a0d72c2adae3f592268316d1ef117dd3f3d17ddfa616f2fb1a313a8c71683adc9ad7cf92f4b3ab0a370f0d9a15730a190443506220b23bc13877d901761fe373
-
SSDEEP
24576:myMppGdEcszyiSpAlNAj7m21oy0+F4+Z3P6d:1hdQGiSC8j79oy/P
Score10/10-
PrivateLoader
PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
-
Drops startup file
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
a22d19b8f183bcd64a7c85a1e82f19e6db501a7e19b93ebc313864c2a0e6ce9a
-
Size
723KB
-
MD5
ca70b6b7eab6a054d392dc5d98839264
-
SHA1
72cfe825b3d930b137a3314a707c6e8d2573356a
-
SHA256
a22d19b8f183bcd64a7c85a1e82f19e6db501a7e19b93ebc313864c2a0e6ce9a
-
SHA512
0f348870c18cbc54871ee745b21c2a6eb6a2722f36e9abdf067796042278df46017458171c7408158f832606468c91d10ac9f9250bb67e9481be04e2e638492c
-
SSDEEP
12288:+Mrfy903SKxjPt13ERBqTs5U+ezRjWCQhFqg80rOjn1Phd:By9oj/24RghFXPOjn1j
Score10/10-
Detect Mystic stealer payload
-
Modifies Windows Defender Real-time Protection settings
-
Mystic
Mystic is an infostealer written in C++.
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
af3432152c514465fb36f13137bae3206443814e6398ebe72ca129d56edcd08d
-
Size
918KB
-
MD5
56cdba87bcc5804d404098869b844a90
-
SHA1
2bd2f5db4c77f6c10988d82c8da316eb766dc7b9
-
SHA256
af3432152c514465fb36f13137bae3206443814e6398ebe72ca129d56edcd08d
-
SHA512
a20fdff62ab3f1abd82937e7be987a549b68bdfe02cdf26bed82850d3ca9f9a4ded8324808dd6e93bad8ffb3f2e83db387460c75208b528c5d6c439e8506e380
-
SSDEEP
12288:fMrsy90GXeQX658y7lzrLZJFsYIjHf3UI/P4zONjpbfLhDPDSvJeR6maLZZulS:XyiQq58Cl9J4jHcI/PaWBf4o0N0S
Score10/10-
Detect Mystic stealer payload
-
Mystic
Mystic is an infostealer written in C++.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
bf27d39d4bcefd6acc1e63fd0bf1bee8152a76443458be36ca71657a91e2d4d1
-
Size
733KB
-
MD5
f6ff6d5bcfc6785ac6f50078974cab80
-
SHA1
40b4e177adf9c23cc7e08a67b78250874f78c501
-
SHA256
bf27d39d4bcefd6acc1e63fd0bf1bee8152a76443458be36ca71657a91e2d4d1
-
SHA512
86b9ab7ba445bd325e7ab0c5d40ea57799c8254dba0bacc1e11f4306a3fc4be7b0902138ad5c4d1819ba1197e11a0aee5429c734dca7b4600fe30ddda8dda6a1
-
SSDEEP
12288:AMr2y90cvDIUilEPl88a0nkI8BuKu2GRkAPUwVmBkBiq+4sltxxFi:myhsUilEPq8Fnkpu2GRkRrRqvslt4
Score10/10-
Detect Mystic stealer payload
-
Modifies Windows Defender Real-time Protection settings
-
Mystic
Mystic is an infostealer written in C++.
-
SmokeLoader
Modular backdoor trojan in use since 2014.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
db87d25edb56c618d7d41f2f458fbc54cabc5289ab771f1eb34a0e08d92928b5
-
Size
818KB
-
MD5
7967bbff3e07fba124d8dea54e35eb77
-
SHA1
ddc12b8277caecdd80f5b01d69b1ab7b0c2e47da
-
SHA256
db87d25edb56c618d7d41f2f458fbc54cabc5289ab771f1eb34a0e08d92928b5
-
SHA512
fb2db1d102f8fd17ebe1e0e49ac195a671b3222529436d177d5561bc843357106e863a190e9b06052bc6c4493ca045226aa5c9cb0d2d552a6c1edd82b6ff555a
-
SSDEEP
24576:jyD5iE2i4/+TVlB7ISI6Ajq4VCSeJ2j2ab1A:21ID/onBmVLj28
Score10/10-
Detect Mystic stealer payload
-
Mystic
Mystic is an infostealer written in C++.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
-
-
Target
f935568ec008833a6b510aaa18da8f703b0263d31ec0ee4a4442facb817a946c
-
Size
382KB
-
MD5
4b6a6b8c35f3dda3915da3cac190029e
-
SHA1
3597679ae4df56f9683b53c33cbdc79a55b4bfe1
-
SHA256
f935568ec008833a6b510aaa18da8f703b0263d31ec0ee4a4442facb817a946c
-
SHA512
0b0433d33affb13aed2bd576a60d5a27e838dae3d7054c5e7ee9f1147cbdf2ab81d74a53c3b68d6ebc564f6937db752651ef3bc00b3fe99f40399be35452e74d
-
SSDEEP
6144:KQy+bnr+vp0yN90QEOHNFg2bq4vsR+dfPlqz5Dq4YL+BeqliSdt9n4y9r2ja3m0n:4MrHy90S+2bm01I5zKUASdoQ2ezIBFC
Score10/10-
Detect Mystic stealer payload
-
Mystic
Mystic is an infostealer written in C++.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Boot or Logon Autostart Execution
20Registry Run Keys / Startup Folder
20Scheduled Task/Job
7Create or Modify System Process
4Windows Service
4Privilege Escalation
Boot or Logon Autostart Execution
20Registry Run Keys / Startup Folder
20Scheduled Task/Job
7Create or Modify System Process
4Windows Service
4