General
-
Target
NEAS.cfb43a8521b91093cc4c585e28556ea093351fade2937e840921fbc278f763b2_JC.exe
-
Size
1.2MB
-
Sample
231007-qx2k2sfb25
-
MD5
1052f8a9850ff2cdb3305c4693fb3bc2
-
SHA1
32363959f3f2db69aa1311d268affce5f7e5a130
-
SHA256
cfb43a8521b91093cc4c585e28556ea093351fade2937e840921fbc278f763b2
-
SHA512
1f65110317fc5bea56d95df856de912aae3cbeea853d62fcbf0487d47de212fb95740d6400088177bd1a313932df06460547a68910b2d62d4362cb6d895908b7
-
SSDEEP
24576:Py8i+Ca4HSc3QJthXZ+8LKwtWPoq+aNQO418UgpMc/eSpQ:a8i+CmuqhJswvq7OO4WUa/eSp
Static task
static1
Behavioral task
behavioral1
Sample
NEAS.cfb43a8521b91093cc4c585e28556ea093351fade2937e840921fbc278f763b2_JC.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
NEAS.cfb43a8521b91093cc4c585e28556ea093351fade2937e840921fbc278f763b2_JC.exe
Resource
win10v2004-20230915-en
Malware Config
Extracted
redline
gigant
77.91.124.55:19071
Targets
-
-
Target
NEAS.cfb43a8521b91093cc4c585e28556ea093351fade2937e840921fbc278f763b2_JC.exe
-
Size
1.2MB
-
MD5
1052f8a9850ff2cdb3305c4693fb3bc2
-
SHA1
32363959f3f2db69aa1311d268affce5f7e5a130
-
SHA256
cfb43a8521b91093cc4c585e28556ea093351fade2937e840921fbc278f763b2
-
SHA512
1f65110317fc5bea56d95df856de912aae3cbeea853d62fcbf0487d47de212fb95740d6400088177bd1a313932df06460547a68910b2d62d4362cb6d895908b7
-
SSDEEP
24576:Py8i+Ca4HSc3QJthXZ+8LKwtWPoq+aNQO418UgpMc/eSpQ:a8i+CmuqhJswvq7OO4WUa/eSp
Score10/10-
Detect Mystic stealer payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-