General
Target: NEAS.300eea77472a8e52b3f2ddc9616f05d14b8a344c410b3b0568b611fdeb2ab03e_JC.exe
Size: 1.2MB
Sample: 231007-nfx57adf49
MD5: d0c1af93a3f6d35a464a5bfe57a324f5
SHA1: 8b37fe4cda0ea152950412829c3aca2cd3262347
SHA256: 300eea77472a8e52b3f2ddc9616f05d14b8a344c410b3b0568b611fdeb2ab03e
SHA512: eea1d81b803e0a3558c99cdc02b6fbdad9d19d3749c1bfd030c9546ce5a1c9121e38a733b78bc34248a8fdf9727663601117260906bf3002e4d492fba5e56295
SSDEEP: 24576:ayECoKrMdqf3Ef1dCfivYqpkBVp0jJxBjrgeXBn+Whcb5R8uV:hSs3Ef1a4pVjJL/geRnVub5uu
Static task: static1
Behavioral task: behavioral1
  Sample: NEAS.300eea77472a8e52b3f2ddc9616f05d14b8a344c410b3b0568b611fdeb2ab03e_JC.exe
  Resource: win7-20230831-en
Behavioral task: behavioral2
  Sample: NEAS.300eea77472a8e52b3f2ddc9616f05d14b8a344c410b3b0568b611fdeb2ab03e_JC.exe
  Resource: win10v2004-20230915-en
Malware Config
Extracted:
Family: redline
Botnet: gigant
C2: 77.91.124.55:19071
Targets
Target: NEAS.300eea77472a8e52b3f2ddc9616f05d14b8a344c410b3b0568b611fdeb2ab03e_JC.exe
Score: 10/10
Signatures:
- Detect Mystic stealer payload
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext