Overview

overview

10

Static

static

3

NEAS.e96dc...JC.exe

windows7-x64

10

NEAS.e96dc...JC.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    NEAS.e96dc95025fa52c1bae82541849c3f3673202bbe6f3a2f7060e4bdab597c32b5_JC.exe

  • Size

    1.2MB

  • Sample

    231007-q9zxzsfc25

  • MD5

    24e91e9fceebc0e666be7d3205071aaa

  • SHA1

    5a95aa8a5ff40cd34eae8b5bb75ca684e5757bf5

  • SHA256

    e96dc95025fa52c1bae82541849c3f3673202bbe6f3a2f7060e4bdab597c32b5

  • SHA512

    041688a0525c708666ec483804c8cbc21ef21eb05f1b4909789420e1029b39e82e86aebe3ffc81e431cd23b3f45eb7f99ba6aae1338aab5dcd99118d51f1e328

  • SSDEEP

    24576:kyzkwomNFn+JqPpv1G+MAzjaxQGTLAnhuggNhgIbL4HfiQ:zzkDm7hvYeyxQGon4gUhN

Score
10/10
mysticredlinegigantinfostealerpersistencestealer

Malware Config

Extracted

Family

redline

Botnet

gigant

C2

77.91.124.55:19071

Targets

    • Target

      NEAS.e96dc95025fa52c1bae82541849c3f3673202bbe6f3a2f7060e4bdab597c32b5_JC.exe

    • Size

      1.2MB

    • MD5

      24e91e9fceebc0e666be7d3205071aaa

    • SHA1

      5a95aa8a5ff40cd34eae8b5bb75ca684e5757bf5

    • SHA256

      e96dc95025fa52c1bae82541849c3f3673202bbe6f3a2f7060e4bdab597c32b5

    • SHA512

      041688a0525c708666ec483804c8cbc21ef21eb05f1b4909789420e1029b39e82e86aebe3ffc81e431cd23b3f45eb7f99ba6aae1338aab5dcd99118d51f1e328

    • SSDEEP

      24576:kyzkwomNFn+JqPpv1G+MAzjaxQGTLAnhuggNhgIbL4HfiQ:zzkDm7hvYeyxQGon4gUhN

    Score
    10/10
    mysticpersistencestealerredlinegigantinfostealer

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

      stealermystic

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks