General
- Target: NEAS.cb373424f2a49db2f1e7f3d751ab3778c543b788df919f7b58526193f0c17167_JC.exe
- Size: 1.2MB
- Sample: 231007-qwv2wafa94
- MD5: f56b5c47b8d6262479efa8972b6659fc
- SHA1: c3a546869f5060b8f145e9fea9459e319628b61b
- SHA256: cb373424f2a49db2f1e7f3d751ab3778c543b788df919f7b58526193f0c17167
- SHA512: 99f460b0784d106b0215b298f1a1a7fbb54671d20f99cc2a9e3951a97ad7dbe93a4b922c09f7f3c57ccf7b712c4d52cee26c5b22f6f3dad012b6e5f61a6fec1a
- SSDEEP: 24576:Hyz+AQAibbQeGcGia8g9+/siXEcXfPcuIR6wUlmzt8XjT:SaAbibcHria8OSlvP06O8Xj
Static task: static1
Behavioral task: behavioral1
- Sample: NEAS.cb373424f2a49db2f1e7f3d751ab3778c543b788df919f7b58526193f0c17167_JC.exe
- Resource: win7-20230831-en
Behavioral task: behavioral2
- Sample: NEAS.cb373424f2a49db2f1e7f3d751ab3778c543b788df919f7b58526193f0c17167_JC.exe
- Resource: win10v2004-20230915-en
Malware Config
Extracted
redline
gigant
77.91.124.55:19071
Targets
- Target: NEAS.cb373424f2a49db2f1e7f3d751ab3778c543b788df919f7b58526193f0c17167_JC.exe
- Score: 10/10
- Detect Mystic stealer payload
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext