General
- Target: NEAS.7994c1a62ea89bb9237c4dc0bfb6b4ccc026c4c8971bebe11d13de37352d7239_JC.exe
- Size: 1.2MB
- Sample: 231007-pr9h2aee85
- MD5: ba6d343aebb18fbdbdc8b55f4496c716
- SHA1: 562b382500f4a502f64fb0458d87eb1cce8cd355
- SHA256: 7994c1a62ea89bb9237c4dc0bfb6b4ccc026c4c8971bebe11d13de37352d7239
- SHA512: 20a14a6bd332ecd79a828defadcfc93ac073170c7925b7a0434c65bb4216457099a52c0764201cc9bbeae811c26c2372e3475d5644b2d43dad8ce771667c832c
- SSDEEP: 24576:FyJlxCkwLtbHr+HWf8sRR7bplUzF2l5rRGHQLusQF7:g1CDRa2XbplUh27rHk

Static task: static1

Behavioral task: behavioral1
- Sample: NEAS.7994c1a62ea89bb9237c4dc0bfb6b4ccc026c4c8971bebe11d13de37352d7239_JC.exe
- Resource: win7-20230831-en

Behavioral task: behavioral2
- Sample: NEAS.7994c1a62ea89bb9237c4dc0bfb6b4ccc026c4c8971bebe11d13de37352d7239_JC.exe
- Resource: win10v2004-20230915-en

Malware Config
Extracted
- redline
- gigant
- 77.91.124.55:19071

Targets
- Target: NEAS.7994c1a62ea89bb9237c4dc0bfb6b4ccc026c4c8971bebe11d13de37352d7239_JC.exe
- Size: 1.2MB
- MD5: ba6d343aebb18fbdbdc8b55f4496c716
- SHA1: 562b382500f4a502f64fb0458d87eb1cce8cd355
- SHA256: 7994c1a62ea89bb9237c4dc0bfb6b4ccc026c4c8971bebe11d13de37352d7239
- SHA512: 20a14a6bd332ecd79a828defadcfc93ac073170c7925b7a0434c65bb4216457099a52c0764201cc9bbeae811c26c2372e3475d5644b2d43dad8ce771667c832c
- SSDEEP: 24576:FyJlxCkwLtbHr+HWf8sRR7bplUzF2l5rRGHQLusQF7:g1CDRa2XbplUh27rHk

Score: 10/10
- Detect Mystic stealer payload
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext