General
Target: NEAS.80633f3a014bd40bd4c91c797dc27167a21f8db65d64022aaef10763aa7ee936_JC.exe
Size: 1.2MB
Sample: 231007-pt6j6acc6w
MD5: 7d4e85ff05ae0aa1db90bfb693b473c2
SHA1: 05c82725cf416549d7ef91ccd38ba0f62eab5ed6
SHA256: 80633f3a014bd40bd4c91c797dc27167a21f8db65d64022aaef10763aa7ee936
SHA512: 83e60c528d4653593834215560875846d540ec05875957f05598f2e130fc08934e385c1ebb05acc787c6023e229e616d260d4456d5861a7af09168993e77e2c6
SSDEEP: 24576:/yePpbSK2Ctz/Sc01Kp3++uVOuO27WKZw:KeIKlJIgpORzZ
Static task: static1
Behavioral task: behavioral1
  Sample: NEAS.80633f3a014bd40bd4c91c797dc27167a21f8db65d64022aaef10763aa7ee936_JC.exe
  Resource: win7-20230831-en
Behavioral task: behavioral2
  Sample: NEAS.80633f3a014bd40bd4c91c797dc27167a21f8db65d64022aaef10763aa7ee936_JC.exe
  Resource: win10v2004-20230915-en
Malware Config
Extracted: mystic
  http://5.42.92.211/loghub/master
Extracted: redline
  gigant
  77.91.124.55:19071
Targets
Target: NEAS.80633f3a014bd40bd4c91c797dc27167a21f8db65d64022aaef10763aa7ee936_JC.exe
Score: 10/10
- Detect Mystic stealer payload
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
-