General
-
Target
NEAS.37e556cc6b44a626b018f8688bda06a0_JC.exe
-
Size
934KB
-
Sample
231105-cnyadabe88
-
MD5
37e556cc6b44a626b018f8688bda06a0
-
SHA1
eadbabad68cd9ef1f60bf1878637910027ce2435
-
SHA256
8445a1735f8a4bcbb8dc692a63e96b516afc7f4632ac63689f7cdde2aa8de329
-
SHA512
e7da4ef2d75023b3e978c619e0bcfda34f9bb2bde34f4046c842e43b09fff6e6ca1b097f77b06d0edc864dd56d21d892ff99af04b4282f0724134999c8b83912
-
SSDEEP
24576:6yZychi6MZCxusOMPdeNn7oNQVaraOIk3:BZycYZzCkn52I
Static task
static1
Behavioral task
behavioral1
Sample
NEAS.37e556cc6b44a626b018f8688bda06a0_JC.exe
Resource
win10v2004-20231020-en
Malware Config
Extracted
redline
lutyr
77.91.124.55:19071
Targets
-
Target
NEAS.37e556cc6b44a626b018f8688bda06a0_JC.exe
-
Score
10/10
-
Detect Mystic stealer payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-