General
Target: NEAS.46684b490d4eb97695320700dd3d11c4179e0b6ff02dbe1096e7ef1b285a39b7_JC.exe
Size: 1.2MB
Sample: 231007-nyb1nsbe8y
MD5: 4282879a7476bad218d36efb1e6be79a
SHA1: 99fbb8927f550eb95968cc2b4ebcbf794b819724
SHA256: 46684b490d4eb97695320700dd3d11c4179e0b6ff02dbe1096e7ef1b285a39b7
SHA512: 934c0585cbb94b719be9cd1682a6520728ca0859a77aca5f3823fa135e2ae26a5c1b5e923194e6c1d9e934112ed2f8348c3cefd0ecf6823b0062ac460d4b7608
SSDEEP: 24576:myQE/Lp8E3ZEnYYWU+vH/cBMfLuqHGqpCVOZ3C8iEr6W0VNsbp:1Qkl8xnYYVOcfmNrCXVm
Static task: static1
Behavioral task: behavioral1
Sample: NEAS.46684b490d4eb97695320700dd3d11c4179e0b6ff02dbe1096e7ef1b285a39b7_JC.exe
Resource: win7-20230831-en
Behavioral task: behavioral2
Sample: NEAS.46684b490d4eb97695320700dd3d11c4179e0b6ff02dbe1096e7ef1b285a39b7_JC.exe
Resource: win10v2004-20230915-en
Malware Config
Extracted
Family: redline
Botnet: gigant
C2: 77.91.124.55:19071
Targets
Target: NEAS.46684b490d4eb97695320700dd3d11c4179e0b6ff02dbe1096e7ef1b285a39b7_JC.exe
Score: 10/10
- Detect Mystic stealer payload
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext