General
Target: NEAS.e45cad29f3234c6392c5f6e84eb764dce17d47da6e46a61cd2f50f56ea080fcf_JC.exe
Size: 1.2MB
Sample: 231007-q78r4sch4x
MD5: 8a5131fa4cb385e65b818b6189fb1662
SHA1: eebf2ac535f51d7d16219ad1bc4fdf92f2552271
SHA256: e45cad29f3234c6392c5f6e84eb764dce17d47da6e46a61cd2f50f56ea080fcf
SHA512: 884f4100578b35e61f5fdab2b90e374a00859764fb707778f124c7fd170d15081a33249dd5863a54b8740feaea817bdae31f0c9103e48425c79b791e7fb100e7
SSDEEP: 24576:ayjC2EmuBGN1X+5Xr2CwfnI36qA3CzkQERXVC/M:h7sGNlWKqAtQiV
Static task: static1
Behavioral task: behavioral1
  Sample: NEAS.e45cad29f3234c6392c5f6e84eb764dce17d47da6e46a61cd2f50f56ea080fcf_JC.exe
  Resource: win7-20230831-en
Behavioral task: behavioral2
  Sample: NEAS.e45cad29f3234c6392c5f6e84eb764dce17d47da6e46a61cd2f50f56ea080fcf_JC.exe
  Resource: win10v2004-20230915-en
Malware Config
Extracted: mystic
  http://5.42.92.211/loghub/master
Extracted: redline
  gigant
  77.91.124.55:19071
Targets
Target: NEAS.e45cad29f3234c6392c5f6e84eb764dce17d47da6e46a61cd2f50f56ea080fcf_JC.exe
Score: 10/10
- Detect Mystic stealer payload
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext