General
- Target: NEAS.301dab91222f7ec5df8ac2e0b92a8a671697e53c29e55f14ad84643cc48bbed2_JC.exe
- Size: 1.2MB
- Sample: 231007-nf2hlsdf52
- MD5: 4ba30a08673fd97bcaeb27d725be1d2b
- SHA1: 9b5386126bd576af3af8aa7ae6e0475db49a11a9
- SHA256: 301dab91222f7ec5df8ac2e0b92a8a671697e53c29e55f14ad84643cc48bbed2
- SHA512: 733d3f779a5e29f48acfcfb9bf3c677884bba0926b05567ca2fc83b93f90539ba3667530218409a0ebfe52d22055d55f64ce39e29283e59056c7f08c8ac83243
- SSDEEP: 24576:XyO7T9Em/2HLhKM4mO+6YW+01hdA/KgMHdDVM5Ferg:iO72HLhhD6BFQKlHdDVM5Mr
Static task: static1
Behavioral task: behavioral1
- Sample: NEAS.301dab91222f7ec5df8ac2e0b92a8a671697e53c29e55f14ad84643cc48bbed2_JC.exe
- Resource: win7-20230831-en
Behavioral task: behavioral2
- Sample: NEAS.301dab91222f7ec5df8ac2e0b92a8a671697e53c29e55f14ad84643cc48bbed2_JC.exe
- Resource: win10v2004-20230915-en
Malware Config
Extracted
- Family: redline
- Botnet: gigant
- C2: 77.91.124.55:19071
Targets
- Target: NEAS.301dab91222f7ec5df8ac2e0b92a8a671697e53c29e55f14ad84643cc48bbed2_JC.exe
Score: 10/10
Signatures
- Detect Mystic stealer payload
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext