General
- Target: NEAS.bf03d9a7c8f20a29a60b47319d60687a96a6e7e8d6293bf1ae102578526d38db_JC.exe
- Size: 1.2MB
- Sample: 231007-qrpz3afa62
- MD5: 76022ce2b16b6a7f50822b001b7d95d0
- SHA1: 0af3ee64c8b9474e53ef9ca0da36c41e33909104
- SHA256: bf03d9a7c8f20a29a60b47319d60687a96a6e7e8d6293bf1ae102578526d38db
- SHA512: 8adaaa4f68bbdc0947908325071209d4522c76c2f0c5befc7423ecf2c7be1c5881bb6e0538544532eee042092670e106047674e3216c42a8cd4cb12b31aa5f67
- SSDEEP: 24576:1y6X3Z/d5XxogIkgy0CHgX46yIR+REhxV95o8a7FGzt3ZqdT2oQw9Ub:Q6X3JLGKVAo6y6bJ9G7cZST/
Static task: static1
Behavioral task: behavioral1
- Sample: NEAS.bf03d9a7c8f20a29a60b47319d60687a96a6e7e8d6293bf1ae102578526d38db_JC.exe
- Resource: win7-20230831-en
Behavioral task: behavioral2
- Sample: NEAS.bf03d9a7c8f20a29a60b47319d60687a96a6e7e8d6293bf1ae102578526d38db_JC.exe
- Resource: win10v2004-20230915-en
Malware Config
Extracted: mystic
- http://5.42.92.211/loghub/master
Extracted: redline
- gigant
- 77.91.124.55:19071
Targets
- Target: NEAS.bf03d9a7c8f20a29a60b47319d60687a96a6e7e8d6293bf1ae102578526d38db_JC.exe
Score: 10/10
- Detect Mystic stealer payload
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext