General
-
Target
NEAS.575672d2a96bf9d67c38852b832e9faafdc27b03d7a962ee35518be0810ccfc7_JC.exe
-
Size
1.2MB
-
Sample
231007-n67gjsbg9t
-
MD5
132634c45f4bfb7613cf7769a8ca51b6
-
SHA1
7e99fb81476af52c84815d058556e237f8bcd05d
-
SHA256
575672d2a96bf9d67c38852b832e9faafdc27b03d7a962ee35518be0810ccfc7
-
SHA512
8b6f36957dacbf7d5165825fb60f6e867b030c5c5564ac417ca7223b53945c0e0857ed83d0ce8a4036bae3df245b034ebbd3288c75dc79403bdb92c65f88a738
-
SSDEEP
24576:qylyzgqub1NU6PdWyF00XpD0A+T1NQnp+zmrOf6lszGjpe3KhTbSf:xlOo1NU6Y/0ZDnxmKszGjpe6
Malware Config
Extracted
redline
gigant
77.91.124.55:19071
Targets
-
-
Target
NEAS.575672d2a96bf9d67c38852b832e9faafdc27b03d7a962ee35518be0810ccfc7_JC.exe
-
Size
1.2MB
-
MD5
132634c45f4bfb7613cf7769a8ca51b6
-
SHA1
7e99fb81476af52c84815d058556e237f8bcd05d
-
SHA256
575672d2a96bf9d67c38852b832e9faafdc27b03d7a962ee35518be0810ccfc7
-
SHA512
8b6f36957dacbf7d5165825fb60f6e867b030c5c5564ac417ca7223b53945c0e0857ed83d0ce8a4036bae3df245b034ebbd3288c75dc79403bdb92c65f88a738
-
SSDEEP
24576:qylyzgqub1NU6PdWyF00XpD0A+T1NQnp+zmrOf6lszGjpe3KhTbSf:xlOo1NU6Y/0ZDnxmKszGjpe6
Score10/10-
Detect Mystic stealer payload
-
Mystic
Mystic is an infostealer written in C++.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-