General
Target: NEAS.72e81f63c1ce3ff92f4a7f33c75a1c707392988def8901ab922efe607271c17f_JC.exe
Size: 1.2MB
Sample: 231007-pntneacb7y
MD5: d39519f7684e4043c3e672c9ce96ea49
SHA1: 3e4cf0d43c44d40bf131fa4b49987fc5fde96f5c
SHA256: 72e81f63c1ce3ff92f4a7f33c75a1c707392988def8901ab922efe607271c17f
SHA512: 0e715324684d1500e8654b1073fe76e1fa38c48e35d9f896fd3291d6e2e09162180c00482855a5553d092823eebfc004586727ccceaf5377fbe1f7d2828d912e
SSDEEP: 24576:SyXl3fcp08vX+Aqpp+L0ZLxWnN3GAe7pY/nF1SBs:5XtfMdvX9qjv0naO/zo
Static task: static1
Behavioral task: behavioral1
Sample: NEAS.72e81f63c1ce3ff92f4a7f33c75a1c707392988def8901ab922efe607271c17f_JC.exe
Resource: win7-20230831-en
Behavioral task: behavioral2
Sample: NEAS.72e81f63c1ce3ff92f4a7f33c75a1c707392988def8901ab922efe607271c17f_JC.exe
Resource: win10v2004-20230915-en
Malware Config
Extracted: redline / gigant / 77.91.124.55:19071
Targets
Score: 10/10
- Detect Mystic stealer payload
- RedLine (RedLine Stealer is a malware family written in C#, first appearing in early 2020.)
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext