General
Target: NEAS.2a08446266b425a3d75ce4716d7543e0_JC.exe
Size: 1.2MB
Sample: 231017-z1eecsae99
MD5: 2a08446266b425a3d75ce4716d7543e0
SHA1: 92c8163bb2ab5684936adb837978d25d0ecbc3f4
SHA256: 79a81e523b3975fb70a90dc17c117a1ddc587ca26fe5b812c1b5a0cf09f6736a
SHA512: 65bd5f3e828a26cbf8c794b4c9976102d0f3ff958815a9bf87fe821eb29534d4774f8905845316b8dc81d292a87a85701c1172c2266a85efdc509b09ae41d6ef
SSDEEP: 24576:hyTHiU0yUgvV0dmyJsPCYwjYukDJ4bAiELcxpolNk2:UmU0BgvV0jJsaYwHkt4bEcgNk
Static task: static1

Behavioral task: behavioral1
Sample: NEAS.2a08446266b425a3d75ce4716d7543e0_JC.exe
Resource: win7-20230831-en

Behavioral task: behavioral2
Sample: NEAS.2a08446266b425a3d75ce4716d7543e0_JC.exe
Resource: win10v2004-20230915-en
Malware Config
Extracted family: redline
Botnet: gruha
C2: 77.91.124.55:19071
auth_value: 2f4cf2e668a540e64775b27535cc6892
Targets
Target: NEAS.2a08446266b425a3d75ce4716d7543e0_JC.exe
Size: 1.2MB
MD5: 2a08446266b425a3d75ce4716d7543e0
SHA1: 92c8163bb2ab5684936adb837978d25d0ecbc3f4
SHA256: 79a81e523b3975fb70a90dc17c117a1ddc587ca26fe5b812c1b5a0cf09f6736a
SHA512: 65bd5f3e828a26cbf8c794b4c9976102d0f3ff958815a9bf87fe821eb29534d4774f8905845316b8dc81d292a87a85701c1172c2266a85efdc509b09ae41d6ef
SSDEEP: 24576:hyTHiU0yUgvV0dmyJsPCYwjYukDJ4bAiELcxpolNk2:UmU0BgvV0jJsaYwHkt4bEcgNk
Signatures
- Detect Mystic stealer payload
- Detects Healer, an antivirus disabler dropper
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence:
- Create or Modify System Process: 1
  - Windows Service: 1
- Boot or Logon Autostart Execution: 1
  - Registry Run Keys / Startup Folder: 1