General
Target: NEAS.6b9abfc8743858e7af78011040551f6c7c5425a229c240d00373779e0a4c2cc1_JC.exe
Size: 1.2MB
Sample: 231007-pk9kfsed75
MD5: 238b1b81eb90a37cd138696d8b5bbfee
SHA1: 15d4f16dbf287904dd9d2c6c345415e599d997a6
SHA256: 6b9abfc8743858e7af78011040551f6c7c5425a229c240d00373779e0a4c2cc1
SHA512: 895b6eb5393288197b24f1b08193977aa9009f20b32738ae4d0eb8a63ffeae52f705de2beee479a8a8d656f47a83733744f6d0b47425fcd93492cfc289b2a95b
SSDEEP: 24576:0yT+lz9iEbwqqVdGxphUG+Trc23NulRJrihWOZTS/K6LkD2Nc2vL:D4JiA4GPhxQn3NSv+4OZTELx
Static task: static1
Behavioral task: behavioral1
Sample: NEAS.6b9abfc8743858e7af78011040551f6c7c5425a229c240d00373779e0a4c2cc1_JC.exe
Resource: win7-20230831-en
Behavioral task: behavioral2
Sample: NEAS.6b9abfc8743858e7af78011040551f6c7c5425a229c240d00373779e0a4c2cc1_JC.exe
Resource: win10v2004-20230915-en
Malware Config
Extracted family: redline
Botnet: gigant
C2: 77.91.124.55:19071
Targets
Target: NEAS.6b9abfc8743858e7af78011040551f6c7c5425a229c240d00373779e0a4c2cc1_JC.exe
Score: 10/10
Signatures:
- Detect Mystic stealer payload
- RedLine (RedLine Stealer is a malware family written in C#, first appearing in early 2020.)
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext