General
Target: NEAS.63e6b5c83075ac978e67dd3e333b3a73cf6c4d1c644a3e8975acdc6fb9c7c1f8_JC.exe
Size: 1.2MB
Sample: 231007-pd59fsca3z
MD5: 919b359a73a034bd1742a3846ce1332d
SHA1: e82d56a9aeeb2b8a4568b7bd86d94f8ad4565e13
SHA256: 63e6b5c83075ac978e67dd3e333b3a73cf6c4d1c644a3e8975acdc6fb9c7c1f8
SHA512: c5893022d530cfa36dbd8b7eb7aa45655caaee99f64bc456dfa0d8147e5d09afd49835804f4287e7cdb0b64a5850010b78e34c9f0ca0d36c19c4bbc677878f2a
SSDEEP: 24576:9y2CyMEv4qZAina4sIgXajxFCv0RuSR8Ghl3GSKc5yDIEGAMT:Y2CyMQ5lgSxFJRuNcG45yDIEtM
Static task: static1

Behavioral task: behavioral1
Sample: NEAS.63e6b5c83075ac978e67dd3e333b3a73cf6c4d1c644a3e8975acdc6fb9c7c1f8_JC.exe
Resource: win7-20230831-en

Behavioral task: behavioral2
Sample: NEAS.63e6b5c83075ac978e67dd3e333b3a73cf6c4d1c644a3e8975acdc6fb9c7c1f8_JC.exe
Resource: win10v2004-20230915-en
Malware Config
Extracted
Family: redline
Botnet: gigant
C2: 77.91.124.55:19071
Targets
Target: NEAS.63e6b5c83075ac978e67dd3e333b3a73cf6c4d1c644a3e8975acdc6fb9c7c1f8_JC.exe
Size: 1.2MB
MD5: 919b359a73a034bd1742a3846ce1332d
SHA1: e82d56a9aeeb2b8a4568b7bd86d94f8ad4565e13
SHA256: 63e6b5c83075ac978e67dd3e333b3a73cf6c4d1c644a3e8975acdc6fb9c7c1f8
SHA512: c5893022d530cfa36dbd8b7eb7aa45655caaee99f64bc456dfa0d8147e5d09afd49835804f4287e7cdb0b64a5850010b78e34c9f0ca0d36c19c4bbc677878f2a
SSDEEP: 24576:9y2CyMEv4qZAina4sIgXajxFCv0RuSR8Ghl3GSKc5yDIEGAMT:Y2CyMQ5lgSxFJRuNcG45yDIEtM
Score: 10/10
- Detect Mystic stealer payload
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext