General
-
Target
NEAS.d12dd4444c3bdf96a73eda35d6944013df8b286f3e63bf72912786a3fe4b516c_JC.exe
-
Size
1.2MB
-
Sample
231007-qzakcafb29
-
MD5
100ad65b0a70b7f9c441b84b6e6daf47
-
SHA1
b2a2783bb42023a20665b676869054edc4cebf54
-
SHA256
d12dd4444c3bdf96a73eda35d6944013df8b286f3e63bf72912786a3fe4b516c
-
SHA512
cb107f31d986ee78b15f94be4319e1a2ff210d2d7c350702aedd51c66fa8ebe288c19c656b93d85646ba3b9fd73c3a0456ee8b0f9a892843fc62e817ee73133b
-
SSDEEP
24576:UyAdFAprkAj3/vOkURYc6Sf5dXAkP+Kyn/R61+cl8eeQIvhO:jgsrkGvgC0pAS8/sTlJeX
Static task
static1
Behavioral task
behavioral1
Sample
NEAS.d12dd4444c3bdf96a73eda35d6944013df8b286f3e63bf72912786a3fe4b516c_JC.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
NEAS.d12dd4444c3bdf96a73eda35d6944013df8b286f3e63bf72912786a3fe4b516c_JC.exe
Resource
win10v2004-20230915-en
Malware Config
Extracted
redline
gigant
77.91.124.55:19071
Targets
-
-
Target
NEAS.d12dd4444c3bdf96a73eda35d6944013df8b286f3e63bf72912786a3fe4b516c_JC.exe
-
Size
1.2MB
-
MD5
100ad65b0a70b7f9c441b84b6e6daf47
-
SHA1
b2a2783bb42023a20665b676869054edc4cebf54
-
SHA256
d12dd4444c3bdf96a73eda35d6944013df8b286f3e63bf72912786a3fe4b516c
-
SHA512
cb107f31d986ee78b15f94be4319e1a2ff210d2d7c350702aedd51c66fa8ebe288c19c656b93d85646ba3b9fd73c3a0456ee8b0f9a892843fc62e817ee73133b
-
SSDEEP
24576:UyAdFAprkAj3/vOkURYc6Sf5dXAkP+Kyn/R61+cl8eeQIvhO:jgsrkGvgC0pAS8/sTlJeX
Score10/10-
Detect Mystic stealer payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-