General
-
Target
NEAS.7ffa888fbab3ebf2f529903826e30370223800cb9e63fec0dcd7a9683e6021e1_JC.exe
-
Size
1.2MB
-
Sample
231007-pt1znscc6t
-
MD5
dfafeb88c07aa7136b3abb4c38d62687
-
SHA1
7c2dbb25dfab28360a07d326ad85ac91fc4f859b
-
SHA256
7ffa888fbab3ebf2f529903826e30370223800cb9e63fec0dcd7a9683e6021e1
-
SHA512
ecf7b0798b11b32934c9e9e1621cca66de7d10bdd5a227be1b02b65af4aa92be89127b29fea160e3d2c1f9e29b6734cf2244ff962068d6d9dd4e07bfcc98bc59
-
SSDEEP
24576:JyJX6WLz4L3SKLNtGMtRE7+Ra8Zoiub1iop2zSlofRq9O:8JKu4bSgtR4woN2c9
Static task
static1
Behavioral task
behavioral1
Sample
NEAS.7ffa888fbab3ebf2f529903826e30370223800cb9e63fec0dcd7a9683e6021e1_JC.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
NEAS.7ffa888fbab3ebf2f529903826e30370223800cb9e63fec0dcd7a9683e6021e1_JC.exe
Resource
win10v2004-20230915-en
Malware Config
Extracted
mystic
http://5.42.92.211/loghub/master
Extracted
redline
gigant
77.91.124.55:19071
Targets
-
-
Target
NEAS.7ffa888fbab3ebf2f529903826e30370223800cb9e63fec0dcd7a9683e6021e1_JC.exe
-
Size
1.2MB
-
MD5
dfafeb88c07aa7136b3abb4c38d62687
-
SHA1
7c2dbb25dfab28360a07d326ad85ac91fc4f859b
-
SHA256
7ffa888fbab3ebf2f529903826e30370223800cb9e63fec0dcd7a9683e6021e1
-
SHA512
ecf7b0798b11b32934c9e9e1621cca66de7d10bdd5a227be1b02b65af4aa92be89127b29fea160e3d2c1f9e29b6734cf2244ff962068d6d9dd4e07bfcc98bc59
-
SSDEEP
24576:JyJX6WLz4L3SKLNtGMtRE7+Ra8Zoiub1iop2zSlofRq9O:8JKu4bSgtR4woN2c9
Score10/10-
Detect Mystic stealer payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-