General
-
Target
NEAS.1f3e03ca7bfcee157393fb94a3450e5a79979b8f5c0b85427ab51908bb78810b_JC.exe
-
Size
1.2MB
-
Sample
231007-m3plwsba8s
-
MD5
b81cd3142a789eca2228e02e2a31229c
-
SHA1
6673628188e3aaa5cc5e3a0fd20cd472a85f237f
-
SHA256
1f3e03ca7bfcee157393fb94a3450e5a79979b8f5c0b85427ab51908bb78810b
-
SHA512
1b8855f6be99ade9f5d34a9bc69ba574a77957f397cd5015958eea3508e485934c1092aefebdf012b5671570c7fff8b0056b3325b56d0392abc55581599bb19c
-
SSDEEP
24576:tyg79ARUhCAlCegO5Q+wvF36AFIVjtftkIKVHXKT+w:Ik9ARmwOqjF36N/Nri
Static task
static1
Behavioral task
behavioral1
Sample
NEAS.1f3e03ca7bfcee157393fb94a3450e5a79979b8f5c0b85427ab51908bb78810b_JC.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
NEAS.1f3e03ca7bfcee157393fb94a3450e5a79979b8f5c0b85427ab51908bb78810b_JC.exe
Resource
win10v2004-20230915-en
Malware Config
Extracted
redline
gigant
77.91.124.55:19071
Targets
-
-
Target
NEAS.1f3e03ca7bfcee157393fb94a3450e5a79979b8f5c0b85427ab51908bb78810b_JC.exe
-
Size
1.2MB
-
MD5
b81cd3142a789eca2228e02e2a31229c
-
SHA1
6673628188e3aaa5cc5e3a0fd20cd472a85f237f
-
SHA256
1f3e03ca7bfcee157393fb94a3450e5a79979b8f5c0b85427ab51908bb78810b
-
SHA512
1b8855f6be99ade9f5d34a9bc69ba574a77957f397cd5015958eea3508e485934c1092aefebdf012b5671570c7fff8b0056b3325b56d0392abc55581599bb19c
-
SSDEEP
24576:tyg79ARUhCAlCegO5Q+wvF36AFIVjtftkIKVHXKT+w:Ik9ARmwOqjF36N/Nri
Score10/10-
Detect Mystic stealer payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-