General
- Target: NEAS.df082341e3dfa9b4203cbcc9ce56d2d44ffdddb16d6fa744eb00cb67d3f6255a_JC.exe
- Size: 1.2MB
- Sample: 231007-q5qthsch2v
- MD5: 7a37d9200f1b26ef38d83fc8bab95593
- SHA1: 805048f58107db04ecb7fb403a31132adb8d72bf
- SHA256: df082341e3dfa9b4203cbcc9ce56d2d44ffdddb16d6fa744eb00cb67d3f6255a
- SHA512: 170043c934432aa19938f312f3ab83a13561794c9514e19f6610122aa6ac07a80baaf0496eaaa497e92d1006be3c31f4e2a7d8b3a6eacafc3b862d4dd0e6b8bb
- SSDEEP: 24576:xyu7A5IXxBE1i1pHeD+6ryVXA8u7+SAoZl+2tf9J4VD:kuA5IBWo1pH+YZuq1W+F
- Static task: static1
- Behavioral task: behavioral1
  - Sample: NEAS.df082341e3dfa9b4203cbcc9ce56d2d44ffdddb16d6fa744eb00cb67d3f6255a_JC.exe
  - Resource: win7-20230831-en
- Behavioral task: behavioral2
  - Sample: NEAS.df082341e3dfa9b4203cbcc9ce56d2d44ffdddb16d6fa744eb00cb67d3f6255a_JC.exe
  - Resource: win10v2004-20230915-en
Malware Config
Extracted
- Family: redline
- Botnet: gigant
- C2: 77.91.124.55:19071
Targets
- Target: NEAS.df082341e3dfa9b4203cbcc9ce56d2d44ffdddb16d6fa744eb00cb67d3f6255a_JC.exe
Score: 10/10
- Detect Mystic stealer payload
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext