General
- Target: NEAS.a737471329bbf31291b2fb23ec856f36e8b3818b486b3f61a32a27519d268730_JC.exe
- Size: 1.2MB
- Sample: 231007-qgca8ace91
- MD5: 2c30ccfb91d8c12e1929aea0334d03e7
- SHA1: 2b0fa32a016514cc1fa390a9b842cca6b987dc1c
- SHA256: a737471329bbf31291b2fb23ec856f36e8b3818b486b3f61a32a27519d268730
- SHA512: 805e8e5b125aa9544d926fd63c2acfde1db48336caa1b9b1553945c642dad2947c60c59fa02cf7abefb7750b315ec0c6ad76ba5e8c111bad84d8ef954c8bfeb8
- SSDEEP: 24576:My68tUA0J/dKtPAHKcA9+vEOgd7SKuCi3pPOH/3YH:768trsMJLci0YSZCgWHvY
Static task: static1
Behavioral task: behavioral1
- Sample: NEAS.a737471329bbf31291b2fb23ec856f36e8b3818b486b3f61a32a27519d268730_JC.exe
- Resource: win7-20230831-en
Behavioral task: behavioral2
- Sample: NEAS.a737471329bbf31291b2fb23ec856f36e8b3818b486b3f61a32a27519d268730_JC.exe
- Resource: win10v2004-20230915-en
Malware Config
Extracted
- Family: redline
- Botnet: gigant
- C2: 77.91.124.55:19071
Targets
- Target: NEAS.a737471329bbf31291b2fb23ec856f36e8b3818b486b3f61a32a27519d268730_JC.exe
- Size: 1.2MB
Score: 10/10
Signatures
- Detect Mystic stealer payload
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext