General

Target: NEAS.2f1d19f90db1a28d3c016371b2827e80.exe
Size: 399KB
Sample: 231031-ksx46sbf4s
MD5: 2f1d19f90db1a28d3c016371b2827e80
SHA1: 978c6313505dcd7ec1a86dbbb3ca8f40a0d9db13
SHA256: 9bd64380f9fc0adef717f8f104d2ee9917a798a9d4ac1034fa716ac47ff08dce
SHA512: 3b7a8cbe80109dc9b97e5c54e5bb1288017bfe41d765c4d865a88584815ee1ffdf44b092672f78bcf16fae6cc96fe14370051e29cc70495e80a01dc4161331ee
SSDEEP: 6144:Kpy+bnr+Z1p0yN90QEHOoHZHQUEn7epJEGb8r2gxhWoqnrRa2uADXwJIExqrlRvi:nMrDy90RhK7g9b0FHOnNXgy/pt1M
Tasks

Static task: static1
Behavioral task: behavioral1
Sample: NEAS.2f1d19f90db1a28d3c016371b2827e80.exe
Resource: win10v2004-20231023-en
Malware Config

Extracted family: redline
Botnet: gruha
C2: 77.91.124.55:19071
auth_value: 2f4cf2e668a540e64775b27535cc6892

The C2 address, port and auth_value are pulled from the unpacked payload's configuration, so they are the indicators to block and hunt for, independent of the file hashes above, which change with every repack.
Targets

Target: NEAS.2f1d19f90db1a28d3c016371b2827e80.exe
Size: 399KB
MD5: 2f1d19f90db1a28d3c016371b2827e80
SHA1: 978c6313505dcd7ec1a86dbbb3ca8f40a0d9db13
SHA256: 9bd64380f9fc0adef717f8f104d2ee9917a798a9d4ac1034fa716ac47ff08dce
SHA512: 3b7a8cbe80109dc9b97e5c54e5bb1288017bfe41d765c4d865a88584815ee1ffdf44b092672f78bcf16fae6cc96fe14370051e29cc70495e80a01dc4161331ee
SSDEEP: 6144:Kpy+bnr+Z1p0yN90QEHOoHZHQUEn7epJEGb8r2gxhWoqnrRa2uADXwJIExqrlRvi:nMrDy90RhK7g9b0FHOnNXgy/pt1M
Score: 10/10

Signatures:
- Detect Mystic stealer payload
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE (runs an executable it first wrote to disk)
- Adds Run key to start application (persistence through a CurrentVersion\Run registry value)
- Suspicious use of SetThreadContext (the thread-context rewrite typically seen when a hollowed process is redirected to injected code)
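The indicators above only become useful once they are applied to endpoint telemetry. The following is an added example, not part of the sandbox report or its tooling: a small sweep that takes the extracted C2 endpoint, the file hashes and the Run-key and dropped-EXE behaviours from this report and applies them to Sysmon-style events (process creation, network connection, file creation, registry value set). The event records, the field names, the user path and the dropped file name stage2.exe are constructed for illustration and are not from the report.

```python
"""Sweep constructed Sysmon-style events for the indicators listed in this report.

Added example, not part of the sandbox report. The C2 address, the file hashes and
the Run-key behaviour come from the report; the event records, field layout, paths
and the dropped file name are constructed for illustration.
"""
from dataclasses import dataclass

# Indicators taken from the report above.
C2_IP = "77.91.124.55"
C2_PORT = 19071
SAMPLE_HASHES = {
    "MD5": "2f1d19f90db1a28d3c016371b2827e80",
    "SHA1": "978c6313505dcd7ec1a86dbbb3ca8f40a0d9db13",
    "SHA256": "9bd64380f9fc0adef717f8f104d2ee9917a798a9d4ac1034fa716ac47ff08dce",
}
# Autostart locations behind "Adds Run key to start application" (matched case-insensitively).
RUN_KEY_MARKERS = ("\\currentversion\\run\\", "\\currentversion\\runonce\\")


@dataclass(frozen=True)
class Finding:
    rule: str
    detail: str


def parse_hashes(field: str) -> dict:
    """Turn Sysmon's 'MD5=..,SHA256=..' string into {ALGO: lowercase hex}."""
    out = {}
    for part in field.split(","):
        if "=" in part:
            algo, value = part.split("=", 1)
            out[algo.strip().upper()] = value.strip().lower()
    return out


def sweep(events) -> list:
    """Apply four rules to a time-ordered sequence of event dicts and return findings."""
    findings = []
    dropped = set()  # lowercase paths of .exe files written by any process
    for ev in events:
        eid = ev.get("EventID")
        image = ev.get("Image", "")
        if eid == 1:  # process creation
            hashes = parse_hashes(ev.get("Hashes", ""))
            for algo, value in SAMPLE_HASHES.items():
                if hashes.get(algo) == value:
                    findings.append(Finding("known_sample_hash", f"{algo} matched {image}"))
                    break
            if image.lower() in dropped:  # "Executes dropped EXE": a file seen written earlier now runs
                findings.append(Finding("executes_dropped_exe", image))
        elif eid == 3:  # network connection: exact host and port from the extracted config
            if ev.get("DestinationIp") == C2_IP and int(ev.get("DestinationPort", 0)) == C2_PORT:
                findings.append(Finding("redline_c2_connect", f"{image} -> {C2_IP}:{C2_PORT}"))
        elif eid == 11:  # file created
            target = ev.get("TargetFilename", "")
            if target.lower().endswith(".exe"):
                dropped.add(target.lower())
        elif eid == 13:  # registry value set
            target = ev.get("TargetObject", "")
            if any(m in target.lower() for m in RUN_KEY_MARKERS):
                findings.append(Finding("run_key_persistence", f"{target} = {ev.get('Details', '')}"))
    return findings


# Constructed events (not real telemetry); they exercise each rule once and include
# one connection to the C2 host on a different port, which must not be flagged.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Users\alice\Downloads\NEAS.2f1d19f90db1a28d3c016371b2827e80.exe",
     "Hashes": "MD5=2F1D19F90DB1A28D3C016371B2827E80,"
               "SHA256=9BD64380F9FC0ADEF717F8F104D2EE9917A798A9D4AC1034FA716AC47FF08DCE"},
    {"EventID": 11, "Image": r"C:\Users\alice\Downloads\NEAS.2f1d19f90db1a28d3c016371b2827e80.exe",
     "TargetFilename": r"C:\Users\alice\AppData\Local\Temp\stage2.exe"},
    {"EventID": 1, "Image": r"C:\Users\alice\AppData\Local\Temp\stage2.exe",
     "Hashes": "MD5=00000000000000000000000000000000"},
    {"EventID": 13, "Image": r"C:\Users\alice\AppData\Local\Temp\stage2.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\stage2",
     "Details": r"C:\Users\alice\AppData\Local\Temp\stage2.exe"},
    {"EventID": 3, "Image": r"C:\Users\alice\AppData\Local\Temp\stage2.exe",
     "DestinationIp": "77.91.124.55", "DestinationPort": 19071},
    {"EventID": 3, "Image": r"C:\Windows\System32\svchost.exe",
     "DestinationIp": "77.91.124.55", "DestinationPort": 443},
]

if __name__ == "__main__":
    for f in sweep(SAMPLE_EVENTS):
        print(f"{f.rule:24} {f.detail}")
```

The hash rule is the weakest of the four: it only catches this exact repack. The C2 rule keys on the host and port from the extracted config, so it survives repacking but not a config change; the Run-key and dropped-EXE rules are behavioural and catch the pattern regardless of build. The SetThreadContext signature has no counterpart here because that call is not visible in these event types; it needs API-level or EDR telemetry.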