General

Target: NEAS.3b3de6f1483c2e36638b183c5b4b1d16764a7f3a89b934cedddad6423bd101ef_JC.exe
Size: 1.2MB
Sample: 231007-nmjw5sbd5w
MD5: 963e4375037049d27ab3ffd5adc557a4
SHA1: 4209b2805b0bdb64b0b1a33d282f0106dda5e4f7
SHA256: 3b3de6f1483c2e36638b183c5b4b1d16764a7f3a89b934cedddad6423bd101ef
SHA512: c00f580e86dd507f4b4bb0f93341fdbca6e12983628d3f1bf4797d7c1b8357a3563829daf71a8f3f6ec81d2bce944be1b34142938ff64c4b7f49249ecd400148
SSDEEP: 24576:2y8i1yIFHYMKqnG8O6DcEooZTmpi06YKofepIG:F8ayYK38O65ooZfEKP
Static task: static1

Behavioral task: behavioral1
Sample: NEAS.3b3de6f1483c2e36638b183c5b4b1d16764a7f3a89b934cedddad6423bd101ef_JC.exe
Resource: win7-20230831-en

Behavioral task: behavioral2
Sample: NEAS.3b3de6f1483c2e36638b183c5b4b1d16764a7f3a89b934cedddad6423bd101ef_JC.exe
Resource: win10v2004-20230915-en
Malware Config

Extracted: redline
  gigant
  77.91.124.55:19071
Targets

Target: NEAS.3b3de6f1483c2e36638b183c5b4b1d16764a7f3a89b934cedddad6423bd101ef_JC.exe
Score: 10/10

- Detect Mystic stealer payload
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext