General
Target: NEAS.30b1d024147aa37722a8a7ce9a1e9570.exe
Size: 1.1MB
Sample: 231021-z4sq6adf26
MD5: 30b1d024147aa37722a8a7ce9a1e9570
SHA1: d0d43285720b4891bdefce6d1118f928ae7f6104
SHA256: d260b91a13a881b6013c9956842f2943e567f964a9107e4ce3a900094caca5e6
SHA512: 54c3eb8007a1297dfaac748e00baa622ac332a3471abe1ea8f45abb3d57ba781f6a4f056acb3ca6a144e423713e840d6cbfa8fce9ca203c92ed4531dfed90d61
SSDEEP: 24576:hfyJh/lbJy3QxNjeHQGNCGDGgM4O9/QmZPGyz56gQQXQC9:IpbJJutN7DBM7lPZ/or
Static task: static1
Behavioral task: behavioral1
  Sample: NEAS.30b1d024147aa37722a8a7ce9a1e9570.exe
  Resource: win7-20230831-en
Behavioral task: behavioral2
  Sample: NEAS.30b1d024147aa37722a8a7ce9a1e9570.exe
  Resource: win10v2004-20231020-en
Malware Config
Extracted
  Family: redline
  Botnet: lutyr
  C2: 77.91.124.55:19071
Targets
Score: 10/10
Signatures:
- Detect Mystic stealer payload
- RedLine (RedLine Stealer is a malware family written in C#, first appearing in early 2020.)
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext