General
Target: NEAS.8a8a14e7fb87ac8bfb23e7d5d0874e7551de1b22af884f0d9a2098c17c387343_JC.exe
Size: 1.2MB
Sample: 231007-pz4bzsef54
MD5: 29bc6840f664371a705af569215eba8e
SHA1: 6f8e1db14d75f8b5316211fa4329806b7894b318
SHA256: 8a8a14e7fb87ac8bfb23e7d5d0874e7551de1b22af884f0d9a2098c17c387343
SHA512: c383668fff51258d5b7225a13f4506560b2b4ed19920ca9399e9fc6fdb507d8701ba2cd2439639150f2b8cd1dd2e228af334859a0e9bc021682878578dec4361
SSDEEP: 24576:RyOyJKDGmcCKZsPMEEsxm+sfl4Hl4n1p4QxxHVVj44DXQudO4WxWo7:EOyJOK+PhEsENl4F61RxHVVk8Qu
Static task: static1
Behavioral task: behavioral1
Sample: NEAS.8a8a14e7fb87ac8bfb23e7d5d0874e7551de1b22af884f0d9a2098c17c387343_JC.exe
Resource: win7-20230831-en
Behavioral task: behavioral2
Sample: NEAS.8a8a14e7fb87ac8bfb23e7d5d0874e7551de1b22af884f0d9a2098c17c387343_JC.exe
Resource: win10v2004-20230915-en
Malware Config
Extracted: mystic
C2: http://5.42.92.211/loghub/master
Extracted: redline
Botnet: gigant
C2: 77.91.124.55:19071
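The two extracted configurations above are the actionable output of this report: a Mystic stealer C2 URL and a RedLine C2 endpoint plus its botnet label. The following added example (not part of the sandbox report or of either malware family's code) parses those entries out of the report's raw line-per-field layout and matches them against constructed proxy/flow log lines. The log lines, the key=value log format and the assumed default port 80 for the scheme-only Mystic URL are assumptions made for the example; the indicators themselves are copied from the report.

```python
import re
from urllib.parse import urlsplit

# The two 'Extracted' entries from this report's Malware Config, in the
# sandbox's raw one-field-per-line form.
REPORT_CONFIG = """\
Extracted
mystic
http://5.42.92.211/loghub/master
Extracted
redline
gigant
77.91.124.55:19071
"""

# A network indicator: optional scheme, a host with at least one dot (so a bare
# label such as 'gigant' is not mistaken for a hostname), optional port and path.
_C2_RE = re.compile(
    r"^(?:(?P<scheme>https?)://)?"
    r"(?P<host>[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)"
    r"(?::(?P<port>\d{1,5}))?"
    r"(?P<path>/\S*)?$"
)


def parse_config(text):
    """Turn the 'Extracted' blocks into one dict per family.

    Lines that look like a URL or host:port become C2 entries; any other bare
    token after the family name (here 'gigant') is kept as the botnet label.
    """
    entries = []
    for chunk in text.split("Extracted"):
        lines = [ln.strip() for ln in chunk.strip().splitlines() if ln.strip()]
        if not lines:
            continue
        entry = {"family": lines[0], "botnet": None, "c2": []}
        for line in lines[1:]:
            m = _C2_RE.match(line)
            if not m:
                entry["botnet"] = line
                continue
            scheme, host, port, path = m.group("scheme", "host", "port", "path")
            if port is None and scheme:
                # Assumption: a scheme-only URL uses the scheme's default port.
                port = "443" if scheme == "https" else "80"
            entry["c2"].append({"host": host, "port": int(port) if port else None, "path": path})
        entries.append(entry)
    return entries


# Constructed proxy/flow log lines in a simple key=value form (not from the report).
SAMPLE_LOGS = [
    "ts=2023-10-07T15:01:02Z src=10.0.0.12 dst=142.250.74.46 dport=443 url=https://www.google.com/",
    "ts=2023-10-07T15:01:09Z src=10.0.0.12 dst=5.42.92.211 dport=80 url=http://5.42.92.211/loghub/master",
    "ts=2023-10-07T15:01:10Z src=10.0.0.12 dst=77.91.124.55 dport=19071",
    "ts=2023-10-07T15:01:30Z src=10.0.0.33 dst=77.91.124.55 dport=443",
]

_KV_RE = re.compile(r"(\w+)=(\S+)")


def match_logs(config, lines):
    """Return (line_no, family, strength) for each log line that reaches a C2 host.

    A URL-style C2 is confirmed on host+path, a host:port C2 on host+port.  A
    line that reaches the host on a different port is still reported, as a
    weaker 'host-only' hit, so the analyst triages it instead of never seeing it.
    """
    hits = []
    for n, line in enumerate(lines, 1):
        fields = dict(_KV_RE.findall(line))
        dst, dport, url = fields.get("dst"), fields.get("dport"), fields.get("url")
        parsed = urlsplit(url) if url else None
        for entry in config:
            for c2 in entry["c2"]:
                if dst != c2["host"]:
                    continue
                if c2["path"] and parsed and parsed.hostname == c2["host"] and parsed.path == c2["path"]:
                    hits.append((n, entry["family"], "url"))
                elif c2["port"] is not None and dport == str(c2["port"]):
                    hits.append((n, entry["family"], "host+port"))
                else:
                    hits.append((n, entry["family"], "host-only"))
    return hits


if __name__ == "__main__":
    for hit in match_logs(parse_config(REPORT_CONFIG), SAMPLE_LOGS):
        print(hit)
```

Two caveats when turning this into a production rule: `gigant` is RedLine's botnet/campaign label and must never be treated as a hostname, and both C2 addresses are plain IPs that stealer operators rotate quickly, so the hash and behavioural indicators on this page outlive the network ones.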
Targets
Target: NEAS.8a8a14e7fb87ac8bfb23e7d5d0874e7551de1b22af884f0d9a2098c17c387343_JC.exe (same file and hashes as in General above)
Score: 10/10
- Detect Mystic stealer payload
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
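The "Adds Run key to start application" signature is the one behaviour in this list that survives a C2 rotation, so it is worth a host-side check of its own. The following added example (not part of the report, and not how the sandbox implements its signature) scans Sysmon-style registry events for Run/RunOnce values and flags the ones that point into, or are written from, user-writable staging directories, which is how a dropped payload such as the ones this sample executes typically persists. The event records, process paths and value name are constructed for the example; the staging-directory list is an assumption and should be tuned to the environment.

```python
import re

# Run/RunOnce keys under HKCU (logged as HKU\<SID>) or HKLM, as Sysmon Event 13
# (RegistryEvent, value set) reports the TargetObject.
_RUN_KEY_RE = re.compile(
    r"\\Software\\(?:WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\"
    r"(?:Run|RunOnce)\\(?P<name>[^\\]+)$",
    re.IGNORECASE,
)

# Assumed list of directories a low-privilege dropper can write to.  A Run value
# pointing here, or a writer running from here, is the usual shape of a freshly
# dropped payload being made persistent.
_STAGING_DIR_RE = re.compile(
    r"(?:\\Users\\[^\\]+\\AppData\\|\\Temp\\|^[A-Z]:\\ProgramData\\|\\Users\\Public\\)",
    re.IGNORECASE,
)


def exe_path(details):
    """Extract the executable from a Run value such as '"C:\\x\\y.exe" /silent'."""
    details = details.strip()
    if details.startswith('"'):
        end = details.find('"', 1)
        return details[1:end] if end > 0 else details[1:]
    return details.split(" ")[0]


def find_run_key_persistence(events):
    """Return one finding per Run/RunOnce value write that touches a staging dir."""
    findings = []
    for i, ev in enumerate(events):
        if ev.get("EventID") != 13:
            continue
        m = _RUN_KEY_RE.search(ev.get("TargetObject", ""))
        if not m:
            continue
        target = exe_path(ev.get("Details", ""))
        reasons = []
        if _STAGING_DIR_RE.search(target):
            reasons.append("run value points into a staging directory")
        if _STAGING_DIR_RE.search(ev.get("Image", "")):
            reasons.append("written by a process running from a staging directory")
        if reasons:
            findings.append({"event": i, "value": m.group("name"), "target": target, "reasons": reasons})
    return findings


# Constructed Sysmon-style events (dicts stand in for parsed XML/JSON records).
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Users\victim\Downloads\sample.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 1, "Image": r"C:\Users\victim\AppData\Local\Temp\dropped.exe",
     "ParentImage": r"C:\Users\victim\Downloads\sample.exe"},
    {"EventID": 13, "Image": r"C:\Users\victim\AppData\Local\Temp\dropped.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r'"C:\Users\victim\AppData\Roaming\svc\svc.exe" /silent'},
    {"EventID": 13, "Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SecurityHealth",
     "Details": r"C:\Windows\System32\SecurityHealthSystray.exe"},
]


if __name__ == "__main__":
    for f in find_run_key_persistence(SAMPLE_EVENTS):
        print(f)
```

The benign HKLM entry written by svchost.exe produces no finding, while the value written by the dropped executable is flagged on both counts; in a real pipeline the writer's Image should additionally be joined back to the Event 1 that created it, so the finding carries the parent chain up to the original sample.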