General
-
Target
NEAS.8152ac23e0f47c5a47d372652f130249d1881d3b6398e8949e1a658e0980a64c_JC.exe
-
Size
1.2MB
-
Sample
231007-pvfp5aee99
-
MD5
4e69ba0391db6de4be9f9ecbb59704fe
-
SHA1
efc1f299ad11e1cb690c83b1179f701c44e92c4b
-
SHA256
8152ac23e0f47c5a47d372652f130249d1881d3b6398e8949e1a658e0980a64c
-
SHA512
2cdde6f5d4cedf3a12859577459e21ccd4fb956744fb38c81a87861254f3e1d2088e761144cc7679bdc65f12ba9bdcbd3bbbdb343d6b0943ef2d480c9c91b68f
-
SSDEEP
24576:ayeKinFUsJyOj+lpQ+QX8slAv1YABa5fLNQ:heLJ0letI1H0T
Static task
static1
Behavioral task
behavioral1
Sample
NEAS.8152ac23e0f47c5a47d372652f130249d1881d3b6398e8949e1a658e0980a64c_JC.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
NEAS.8152ac23e0f47c5a47d372652f130249d1881d3b6398e8949e1a658e0980a64c_JC.exe
Resource
win10v2004-20230915-en
Malware Config
Extracted
mystic
http://5.42.92.211/loghub/master
Extracted
redline
gigant
77.91.124.55:19071
Targets
-
-
Target
NEAS.8152ac23e0f47c5a47d372652f130249d1881d3b6398e8949e1a658e0980a64c_JC.exe
-
Size
1.2MB
-
MD5
4e69ba0391db6de4be9f9ecbb59704fe
-
SHA1
efc1f299ad11e1cb690c83b1179f701c44e92c4b
-
SHA256
8152ac23e0f47c5a47d372652f130249d1881d3b6398e8949e1a658e0980a64c
-
SHA512
2cdde6f5d4cedf3a12859577459e21ccd4fb956744fb38c81a87861254f3e1d2088e761144cc7679bdc65f12ba9bdcbd3bbbdb343d6b0943ef2d480c9c91b68f
-
SSDEEP
24576:ayeKinFUsJyOj+lpQ+QX8slAv1YABa5fLNQ:heLJ0letI1H0T
Score10/10-
Detect Mystic stealer payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-