General

Target: NEAS.77a9f4d762816d1ae454ba5690e4ab900f37a4d92bbc5c27b7e1d3c944e929c2_JC.exe
Size: 1.2MB
Sample: 231007-prnassee82
MD5: d1055c02e41c8073e2c16de3b00c3fc2
SHA1: f407224f6648d2b3ea0b9dd9f0436be4155e6b41
SHA256: 77a9f4d762816d1ae454ba5690e4ab900f37a4d92bbc5c27b7e1d3c944e929c2
SHA512: 07b58a578a1bd163783ebdce54649634de3b8b910b604b3600e86ddd39be0aaf689b8f5e25220fec0b7328bed6ad8b7c8e2ea9e06dfddaaf6d6f327570c65fe6
SSDEEP: 24576:Iyrf6BUXyrOGbGZvKmsfN/QDKfvfQgap5mUMrDzo:P+BGSyZvS/QDKfvfQ95m/rH

Static task: static1

Behavioral task: behavioral1
Sample: NEAS.77a9f4d762816d1ae454ba5690e4ab900f37a4d92bbc5c27b7e1d3c944e929c2_JC.exe
Resource: win7-20230831-en

Behavioral task: behavioral2
Sample: NEAS.77a9f4d762816d1ae454ba5690e4ab900f37a4d92bbc5c27b7e1d3c944e929c2_JC.exe
Resource: win10v2004-20230915-en

Malware Config

Extracted
Family: mystic
C2: http://5.42.92.211/loghub/master

Extracted
Family: redline
Botnet: gigant
C2: 77.91.124.55:19071

Targets

Target: NEAS.77a9f4d762816d1ae454ba5690e4ab900f37a4d92bbc5c27b7e1d3c944e929c2_JC.exe
Size: 1.2MB
MD5: d1055c02e41c8073e2c16de3b00c3fc2
SHA1: f407224f6648d2b3ea0b9dd9f0436be4155e6b41
SHA256: 77a9f4d762816d1ae454ba5690e4ab900f37a4d92bbc5c27b7e1d3c944e929c2
SHA512: 07b58a578a1bd163783ebdce54649634de3b8b910b604b3600e86ddd39be0aaf689b8f5e25220fec0b7328bed6ad8b7c8e2ea9e06dfddaaf6d6f327570c65fe6
SSDEEP: 24576:Iyrf6BUXyrOGbGZvKmsfN/QDKfvfQgap5mUMrDzo:P+BGSyZvS/QDKfvfQ95m/rH
Score: 10/10

Signatures
- Detect Mystic stealer payload
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext