General
Target: NEAS.ddacad369bdc13de3e96f4ecfee84a08e9bfbc576fcd1fb49f18852d17492c0a_JC.exe
Size: 1.2MB
Sample: 231007-q4e1macg9x
MD5: 2216ecad807d5a5060e52cee08e93633
SHA1: 6b4514ade3dded88bb805c37275d461781ee8459
SHA256: ddacad369bdc13de3e96f4ecfee84a08e9bfbc576fcd1fb49f18852d17492c0a
SHA512: c70fb9d6e92788215214aa1088c5908d532f369f17b9c8e03c6a5a5b9291b25522bcf34698937ec26595cf4dbc27ce1096cc20a4b62fc7fb09bc36b37cc1359c
SSDEEP: 24576:Hygx1DqX7JQ8k2IhsncGleWShMc3Z1VMRYoSzUFHE:Ss1DqbHXDeWm1VMRYoS
Static task: static1
Behavioral task: behavioral1
  Sample: NEAS.ddacad369bdc13de3e96f4ecfee84a08e9bfbc576fcd1fb49f18852d17492c0a_JC.exe
  Resource: win7-20230831-en
Behavioral task: behavioral2
  Sample: NEAS.ddacad369bdc13de3e96f4ecfee84a08e9bfbc576fcd1fb49f18852d17492c0a_JC.exe
  Resource: win10v2004-20230915-en
Malware Config
Extracted
  Family: redline
  Botnet: gigant
  C2: 77.91.124.55:19071
Targets
Target: NEAS.ddacad369bdc13de3e96f4ecfee84a08e9bfbc576fcd1fb49f18852d17492c0a_JC.exe
Score: 10/10
- Detect Mystic stealer payload
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext