General
- Target: NEAS.19b4682054ef64045fbab452b18ade9e55da70fe53672e1db5b0ce8193e0e0d1_JC.exe
- Size: 1.2MB
- Sample: 231007-mzp39aba4v
- MD5: d4c23a8329fba7a56eba2411789af75b
- SHA1: 48a51891d5b1d6ad63f89667cc2a287a2932d50b
- SHA256: 19b4682054ef64045fbab452b18ade9e55da70fe53672e1db5b0ce8193e0e0d1
- SHA512: 109ec8832cdeef157055d29b73245265cc762ba6062ac74ccd7a7108c116980f47c4fa03d667abe4c1d884f19870acf072affa344c5e1c563ceefd991747357a
- SSDEEP: 24576:8ysAqymZQP8sKZLI18NbVf6TG4M+EveufkpkDGPdRR1+Pgpctoayo6:rXVmK8DIib9GGjYkDGlf2CcaaX
Static task: static1
Behavioral task: behavioral1
- Sample: NEAS.19b4682054ef64045fbab452b18ade9e55da70fe53672e1db5b0ce8193e0e0d1_JC.exe
- Resource: win7-20230831-en
Behavioral task: behavioral2
- Sample: NEAS.19b4682054ef64045fbab452b18ade9e55da70fe53672e1db5b0ce8193e0e0d1_JC.exe
- Resource: win10v2004-20230915-en
Malware Config
Extracted: mystic
- http://5.42.92.211/loghub/master
Extracted: redline
- gigant
- 77.91.124.55:19071
Targets
- Target: NEAS.19b4682054ef64045fbab452b18ade9e55da70fe53672e1db5b0ce8193e0e0d1_JC.exe
Score: 10/10
- Detect Mystic stealer payload
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext