General
-
Target
NEAS.a4c3412f202d55b1ae04358e3f170c21aeec0f1661d0af1d497947a87b3aea70_JC.exe
-
Size
1.2MB
-
Sample
231007-qfls9sce9v
-
MD5
7bb273c8476a599a0fb7dba9ca9dcc9c
-
SHA1
89b7788e3c9d50c09a8f59b5b9675353e99f2e89
-
SHA256
a4c3412f202d55b1ae04358e3f170c21aeec0f1661d0af1d497947a87b3aea70
-
SHA512
da9e87a6e8cae729b8a6a47828677f86105ffad820ec9e972e9cc5c5562d6e4655235aa6dd20f58cb0d4fefa57188d88626c648498e997b4fbdc6e889cf30666
-
SSDEEP
24576:eyz5zsFl5hTymIuNyMOGPJdAdXCJEwe8x7Je/Rssaf:tzJsFl3TyTdGPJdlJEwee92ssa
Static task
static1
Behavioral task
behavioral1
Sample
NEAS.a4c3412f202d55b1ae04358e3f170c21aeec0f1661d0af1d497947a87b3aea70_JC.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
NEAS.a4c3412f202d55b1ae04358e3f170c21aeec0f1661d0af1d497947a87b3aea70_JC.exe
Resource
win10v2004-20230915-en
Malware Config
Extracted
mystic
http://5.42.92.211/loghub/master
Extracted
redline
gigant
77.91.124.55:19071
Targets
-
Target
NEAS.a4c3412f202d55b1ae04358e3f170c21aeec0f1661d0af1d497947a87b3aea70_JC.exe
Score
10/10
-
Detect Mystic stealer payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext