General
Target: NEAS.7648f33eb507bde26526fe8a32cbe36abc044b8facd0be4a14418d83c11552d4_JC.exe
Size: 1.2MB
Sample: 231007-pqvy9aee72
MD5: bdb6197d8f30a040afeb2a26b1fa9f6c
SHA1: d3346dbcc1a9d7e45dc14744e425b7aef682f36a
SHA256: 7648f33eb507bde26526fe8a32cbe36abc044b8facd0be4a14418d83c11552d4
SHA512: f2fbb748b73383eeeb0e8f2eb91071327bdc8f59ceb6366e46e6650a398ac8506c6d4a64bf88a659c82fa69c587a9360ef536b06964ccd54814647daa77d5e7a
SSDEEP: 24576:OyQsGWG1S8VbHR90y9uLDTJD4SZwSle9S7kc7uwQmjRspJY:dQt48VLR/sDlD4SZ1WS7kdHmjiJ
Static task: static1
Behavioral task: behavioral1
- Sample: NEAS.7648f33eb507bde26526fe8a32cbe36abc044b8facd0be4a14418d83c11552d4_JC.exe
- Resource: win7-20230831-en
Behavioral task: behavioral2
- Sample: NEAS.7648f33eb507bde26526fe8a32cbe36abc044b8facd0be4a14418d83c11552d4_JC.exe
- Resource: win10v2004-20230915-en
Malware Config
Extracted: redline
- gigant
- 77.91.124.55:19071
Targets
Target: NEAS.7648f33eb507bde26526fe8a32cbe36abc044b8facd0be4a14418d83c11552d4_JC.exe
Score: 10/10
- Detect Mystic stealer payload
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext