General
Target: NEAS.be9c6334a9f060d8e383c10608a271a0.exe
Size: 1.4MB
Sample: 231103-t58wwaeh8v
MD5: be9c6334a9f060d8e383c10608a271a0
SHA1: 89958e3ef709d8e05e9b5bae33d09149098dc0d1
SHA256: 7252b3ba9094d91a1e12f9c9944f24ccf25c9a4c75e7f7e3380ca37b8e6bfbcd
SHA512: 094c026745ecc79e088cc0cdc4387c1f254a3d2c4e755234d914e399bda1bd6dddd5777f1e7bf1bdaa4a81ed9dab11cf4501fd363131a0309643a9e1f90def5b
SSDEEP: 24576:lyU/Q553sqM2nXWkJ0MT9opnaX6RXVX6iU3jA7MvnhwmEY3Ji8KeMGCfY:An558NCXW4B96aX4XVXK3IMpFEYJi8KI
Static task: static1
Behavioral task: behavioral1
Sample: NEAS.be9c6334a9f060d8e383c10608a271a0.exe
Resource: win10v2004-20231023-en
Malware Config
Extracted: redline
- frant
- 77.91.124.55:19071
Extracted: amadey
- 3.89
- http://77.91.124.1/theme/index.php
- install_dir: fefffe8cea
- install_file: explothe.exe
- strings_key: 36a96139c1118a354edf72b1080d4b2f
Targets
Target: NEAS.be9c6334a9f060d8e383c10608a271a0.exe
Signatures:
- Detect Mystic stealer payload
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext
MITRE ATT&CK Matrix (ATT&CK v13)
Persistence:
- Create or Modify System Process (1): Windows Service (1)
- Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
- Scheduled Task/Job (1)