General
-
Target
NEAS.e264c4ea0b3124dccf31a27a2d682200_JC.exe
-
Size
824KB
-
Sample
231104-x3gamade2w
-
MD5
e264c4ea0b3124dccf31a27a2d682200
-
SHA1
ae7881bed5acbbd49060ddf8ab41a11f4f483c01
-
SHA256
9574e132aa8aef22d17d322499327ffe8872edadddd96954075f9d4b4cce3700
-
SHA512
7d81ace62f9d33d7410c363d05268de45beeba5c59cfaa65783cd620fe6d3a540c81b9db3f7ea258fb55156ead60edabf06547ec2191d06e1068d93a4a143661
-
SSDEEP
24576:lyR07Ov1w7spxp6rXG5d3rItIUG1BEE2yPvW6M:AR0qu7MbJVrJUG1BEEp
Static task
static1
Behavioral task
behavioral1
Sample
NEAS.e264c4ea0b3124dccf31a27a2d682200_JC.exe
Resource
win10v2004-20231023-en
Malware Config
Extracted
redline
gigant
77.91.124.55:19071
Targets
-
-
Target
NEAS.e264c4ea0b3124dccf31a27a2d682200_JC.exe
-
Size
824KB
-
MD5
e264c4ea0b3124dccf31a27a2d682200
-
SHA1
ae7881bed5acbbd49060ddf8ab41a11f4f483c01
-
SHA256
9574e132aa8aef22d17d322499327ffe8872edadddd96954075f9d4b4cce3700
-
SHA512
7d81ace62f9d33d7410c363d05268de45beeba5c59cfaa65783cd620fe6d3a540c81b9db3f7ea258fb55156ead60edabf06547ec2191d06e1068d93a4a143661
-
SSDEEP
24576:lyR07Ov1w7spxp6rXG5d3rItIUG1BEE2yPvW6M:AR0qu7MbJVrJUG1BEEp
Score10/10-
Detect Mystic stealer payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-