General
Target: NEAS.d4eb29837f23fcbaa13b24ee5bae745691a5d502522ddd7d339d4ea8375ae6a7_JC.exe
Size: 1.2MB
Sample: 231007-q1e68afb42
MD5: 1dcf8f76d79ebde4ef930dd2bc2e52a8
SHA1: 159a74cf25fa6bb47f6a169909bb0ddc0bc74568
SHA256: d4eb29837f23fcbaa13b24ee5bae745691a5d502522ddd7d339d4ea8375ae6a7
SHA512: 44e63856bc3dc3d3acabead0e12c1553e86049ac1747afef1dd707ca3736acff7e92c3340d667f62441047f49f47d02b6787b9bf7eef4a767cd99483af381d6c
SSDEEP: 24576:HpyhEXbzY1t5wtmmcWP7z3u+OZ2B2TNGhH67Y4DRyhZd2R89A:HcCQ1t52Fl7zeSB2TQHAVDRYZl
Static task: static1
Behavioral task: behavioral1
  Sample: NEAS.d4eb29837f23fcbaa13b24ee5bae745691a5d502522ddd7d339d4ea8375ae6a7_JC.exe
  Resource: win7-20230831-en
Behavioral task: behavioral2
  Sample: NEAS.d4eb29837f23fcbaa13b24ee5bae745691a5d502522ddd7d339d4ea8375ae6a7_JC.exe
  Resource: win10v2004-20230915-en
Malware Config
Extracted
Family: redline
Botnet: gigant
C2: 77.91.124.55:19071
Targets
Target: NEAS.d4eb29837f23fcbaa13b24ee5bae745691a5d502522ddd7d339d4ea8375ae6a7_JC.exe
Score: 10/10
Signatures:
- Detect Mystic stealer payload
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext