General
Target: NEAS.cf780a9546b2bd78a4371240f5a20ce8b1c8f7f1412021361ba3b84ab78064c6_JC.exe
Size: 1.2MB
Sample: 231007-qxtv7sfb23
MD5: efefbcd54c77bda57e45b87e0d8113b2
SHA1: 93c24efbf29053e532d95d86f7d62f1f00b29653
SHA256: cf780a9546b2bd78a4371240f5a20ce8b1c8f7f1412021361ba3b84ab78064c6
SHA512: 80d8dced38560d562e1cf8ea7bc4bf7a8ae59ccb63ca7f2b82d49bb9e6e7db489d8db0a64da859a16756f0cd904d90b49b9f4fa92871e2a949fda8ce86f644d2
SSDEEP: 24576:LyOw+RO7nNuKvpdMqeK+aABSa+m/4Vh82wHN2egx4WGbBk:+EKnNXiqfbm/oO2wH5gx4
Static task: static1
Behavioral task: behavioral1
  Sample: NEAS.cf780a9546b2bd78a4371240f5a20ce8b1c8f7f1412021361ba3b84ab78064c6_JC.exe
  Resource: win7-20230831-en
Behavioral task: behavioral2
  Sample: NEAS.cf780a9546b2bd78a4371240f5a20ce8b1c8f7f1412021361ba3b84ab78064c6_JC.exe
  Resource: win10v2004-20230915-en
Malware Config
Extracted: redline
gigant
77.91.124.55:19071
Targets
Score: 10/10
- Detect Mystic stealer payload
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext