General

Target: NEAS.98c0f97a0364b29a2ba428b4626ca67252f137fc7b82b4bacb0586bd2dd1da69_JC.exe
Size: 1.2MB
Sample: 231007-p7enlaeg24
MD5: 87f98456d6afa15c5cb568a6cc5e92d6
SHA1: ffb29b81e510484b4a194dfd286fa0607af6a6e7
SHA256: 98c0f97a0364b29a2ba428b4626ca67252f137fc7b82b4bacb0586bd2dd1da69
SHA512: 8b5146de1211f214766f6f44098dae0718c9234b38dee677fa299f5e47c746049263fee7ced65fe5ecb866d5214b0a3890326c436f00140712866645772334fd
SSDEEP: 24576:pyyMgIwYPpnOGSNhzLBZ99LYYBnSb9dw/+MdWAh8hlB06RA:cyXIhzSN7pLYcWwhWlhw6R
Static task: static1

Behavioral task: behavioral1
  Sample: NEAS.98c0f97a0364b29a2ba428b4626ca67252f137fc7b82b4bacb0586bd2dd1da69_JC.exe
  Resource: win7-20230831-en

Behavioral task: behavioral2
  Sample: NEAS.98c0f97a0364b29a2ba428b4626ca67252f137fc7b82b4bacb0586bd2dd1da69_JC.exe
  Resource: win10v2004-20230915-en
Malware Config

Extracted: redline
  gigant
  77.91.124.55:19071
Targets

Target: NEAS.98c0f97a0364b29a2ba428b4626ca67252f137fc7b82b4bacb0586bd2dd1da69_JC.exe
Score: 10/10

- Detect Mystic stealer payload
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext