General

Target: NEAS.e55cd557d651e570b2504ce4c3e1f4ba4cf376b5f4420fcc9fa77c2860405e86_JC.exe
Size: 1.2MB
Sample: 231007-q8g1safb85
MD5: 76c16f29118d04c063e007cd6897389c
SHA1: e494cafb7a1f637c4475fb55c6f8e97f301f29d7
SHA256: e55cd557d651e570b2504ce4c3e1f4ba4cf376b5f4420fcc9fa77c2860405e86
SHA512: 1069eddb8e073d883ce85ea788fcb4debc83c9efecc48d9a1ae0b4ece3ee805b0abf6d2246ebe8b44fd801f31648f9c59d5c08501acbdd0b8d5594817030aec9
SSDEEP: 24576:1yEvqzCCWv1AtF8Ol17au684y+CUTD4gVqZiJ6YGRs+TifsiQg0V0Ci:QEvqzCCKEF8pL8RMD7wZiMbTiEg
Static task: static1

Behavioral task: behavioral1
  Sample: NEAS.e55cd557d651e570b2504ce4c3e1f4ba4cf376b5f4420fcc9fa77c2860405e86_JC.exe
  Resource: win7-20230831-en

Behavioral task: behavioral2
  Sample: NEAS.e55cd557d651e570b2504ce4c3e1f4ba4cf376b5f4420fcc9fa77c2860405e86_JC.exe
  Resource: win10v2004-20230915-en
Malware Config

Extracted
Family: redline
Botnet: gigant
C2: 77.91.124.55:19071
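The extracted configuration and the file hashes above are the indicators a responder would push into hunting. The following script is an added example, not part of the original report or any tool it mentions: it matches a file's bytes against the report's MD5/SHA1/SHA256, and scans tab-separated Zeek-style conn.log lines (a constructed sample is embedded; the column layout ts, src, sport, dst, dport, proto is an assumption of this example) for traffic to the extracted C2 endpoint. The `any_port` switch is there because RedLine builds are routinely rebuilt with the same host and a different port, so a port-exact match alone can miss sibling configs.

```python
"""IOC matching for the RedLine sample described in this report.

Added example, not part of the original report. It takes the indicators the
report lists (file hashes and the extracted C2 endpoint) and checks them
against (a) a file's bytes and (b) constructed Zeek-style conn.log lines.
"""
import hashlib
from dataclasses import dataclass
from typing import List

# Indicators copied from the report.
C2_HOST = "77.91.124.55"
C2_PORT = 19071
KNOWN_HASHES = {
    "md5": "76c16f29118d04c063e007cd6897389c",
    "sha1": "e494cafb7a1f637c4475fb55c6f8e97f301f29d7",
    "sha256": "e55cd557d651e570b2504ce4c3e1f4ba4cf376b5f4420fcc9fa77c2860405e86",
}


def hash_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256 hex digests of data, keyed like KNOWN_HASHES."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_known_sample(data: bytes) -> bool:
    """True if any digest of data equals the report's hash for this exact build.

    Hash matches are brittle: a repacked build changes every digest, so the
    C2 check below is the more durable indicator.
    """
    digests = hash_bytes(data)
    return any(digests[algo] == known for algo, known in KNOWN_HASHES.items())


@dataclass(frozen=True)
class C2Hit:
    ts: str
    src: str
    dst: str
    dport: int


def find_c2_hits(log_text: str, host: str = C2_HOST, port: int = C2_PORT,
                 any_port: bool = False) -> List[C2Hit]:
    """Scan tab-separated conn.log lines (ts, src, sport, dst, dport, proto).

    Column layout is an assumption of this example. With any_port=True every
    connection to the C2 address is reported, which catches rebuilt configs
    that keep the host but move the port.
    """
    hits = []
    for line in log_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue  # skip blank lines and Zeek header lines
        ts, src, _sport, dst, dport, _proto = line.split("\t")
        if dst == host and (any_port or int(dport) == port):
            hits.append(C2Hit(ts, src, dst, int(dport)))
    return hits


# Constructed log lines for this example. The 77.91.124.55 rows model the
# report's C2; 203.0.113.5 is documentation-range filler traffic.
SAMPLE_CONN_LOG = (
    "1696690001.120\t10.0.0.15\t51234\t203.0.113.5\t443\ttcp\n"
    "1696690002.411\t10.0.0.15\t51240\t77.91.124.55\t19071\ttcp\n"
    "1696690003.005\t10.0.0.22\t44321\t77.91.124.55\t80\ttcp\n"
    "1696690004.870\t10.0.0.15\t51242\t77.91.124.55\t19071\ttcp\n"
)

if __name__ == "__main__":
    for hit in find_c2_hits(SAMPLE_CONN_LOG):
        print(f"C2 beacon {hit.src} -> {hit.dst}:{hit.dport} at {hit.ts}")
    for hit in find_c2_hits(SAMPLE_CONN_LOG, any_port=True):
        print(f"any-port hit {hit.src} -> {hit.dst}:{hit.dport}")
    print("hash match on empty buffer:", matches_known_sample(b""))
```

On the constructed log the port-exact scan returns the two 19071 beacons from 10.0.0.15; the any-port scan also surfaces 10.0.0.22 talking to the same host on 80, which is the kind of lead worth checking against the host's Run keys and dropped files listed in the signatures below.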
Targets

Target: NEAS.e55cd557d651e570b2504ce4c3e1f4ba4cf376b5f4420fcc9fa77c2860405e86_JC.exe (1.2MB; hashes as listed under General)
Score: 10/10

Signatures:
- Detect Mystic stealer payload
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext