General
Target: NEAS.fbe6b69085d05c446db997eaff204381f4074c4fcd31fbf3c426a24c97657a2a_JC.exe
Size: 1.2MB
Sample: 231007-rh3egafd42
MD5: 70a3ab192cdbcb0bc2e3c65fdf83f40a
SHA1: 6a2beb167a0956b9555c55746569fc62edf22a54
SHA256: fbe6b69085d05c446db997eaff204381f4074c4fcd31fbf3c426a24c97657a2a
SHA512: aed7b5ce131067280a1fe39af286906a38397b987aa08052edb580cbcce965365e2dc861f672d50e38548464cc17a27ed7cd1d1d2d89634be3e3e1914a0ce703
SSDEEP: 24576:Py4FOuU7wFto58ksfVMigM+l2jHkb8T1iPswKHKCyMK+xT:anIFKEMi/tjZ1iPaqKx
Static task: static1
Behavioral task: behavioral1
  Sample: NEAS.fbe6b69085d05c446db997eaff204381f4074c4fcd31fbf3c426a24c97657a2a_JC.exe
  Resource: win7-20230831-en
Behavioral task: behavioral2
  Sample: NEAS.fbe6b69085d05c446db997eaff204381f4074c4fcd31fbf3c426a24c97657a2a_JC.exe
  Resource: win10v2004-20230915-en
Malware Config
Extracted
Family: redline
Botnet: gigant
C2: 77.91.124.55:19071
Targets
Target: NEAS.fbe6b69085d05c446db997eaff204381f4074c4fcd31fbf3c426a24c97657a2a_JC.exe
Score: 10/10
Signatures
- Detect Mystic stealer payload
- RedLine (RedLine Stealer is a malware family written in C#, first appearing in early 2020.)
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext