General
Target: NEAS.aed86670c850810895e663f1602d7d2b19b4f0b39062b313b7ecee68dfa385bb.exe
Size: 511KB
Sample: 231111-mbzb1sdd31
MD5: 8e0c9ab59a3841c5daa18c582162d1b8
SHA1: 94212e5b708f692affe6f48a61111446825a4d11
SHA256: aed86670c850810895e663f1602d7d2b19b4f0b39062b313b7ecee68dfa385bb
SHA512: 84fca843760f3d2e8a7fb3f12f9ba2432e26c6763a1d40f21c1f35732a4210226170d57c23b02e04ad2fab17e7d4bb298ed648a886116f9068aa753e2fe18ac7
SSDEEP: 12288:BMrdy90S1OLEXUwFUSY8TUs2auB+4+wSRDFgCnqPRq6dEqE:YygEXbYSz2auUUS12IqZq6dEqE
Static task: static1
Behavioral task: behavioral1
Sample: NEAS.aed86670c850810895e663f1602d7d2b19b4f0b39062b313b7ecee68dfa385bb.exe
Resource: win10v2004-20231023-en
Malware Config
Extracted
Family: redline
Botnet: taiga
C2: 5.42.92.51:19057
Targets
Score: 10/10

Signatures
- Detect Mystic stealer payload
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
  Commonly seen when a payload is injected into a suspended process (process hollowing).
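As an added example (not part of the sandbox report), the following Python hunts for the behaviours listed above in constructed Sysmon-style event records: execution of the sample identified by its SHA256, execution of a child EXE it drops, a Run-key write (Sysmon Event ID 13), and a connection to the extracted C2 5.42.92.51:19057 (Event ID 3). The hashes and C2 address come from the report; the event field names follow Sysmon's, while the file paths, SIDs, the dropped-file name and the benign browser event are invented sample data.

```python
import re

# Indicators taken from the report above.
SAMPLE_SHA256 = "aed86670c850810895e663f1602d7d2b19b4f0b39062b313b7ecee68dfa385bb"
C2_HOST, C2_PORT = "5.42.92.51", 19057

# HKCU/HKLM ...\CurrentVersion\Run and RunOnce autostart keys.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)

# Constructed Sysmon-style events (Event ID 1 = process create,
# 3 = network connection, 13 = registry value set). Paths and SIDs are invented.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Users\u\Desktop\NEAS.exe",
     "Hashes": f"MD5=8e0c9ab59a3841c5daa18c582162d1b8,SHA256={SAMPLE_SHA256}",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 1, "Image": r"C:\Users\u\AppData\Local\Temp\svc.exe",
     "Hashes": "SHA256=1111111111111111111111111111111111111111111111111111111111111111",
     "ParentImage": r"C:\Users\u\Desktop\NEAS.exe"},
    {"EventID": 13, "Image": r"C:\Users\u\AppData\Local\Temp\svc.exe",
     "TargetObject": r"HKU\S-1-5-21-1-2-3-1001\Software\Microsoft\Windows\CurrentVersion\Run\svc",
     "Details": r"C:\Users\u\AppData\Local\Temp\svc.exe"},
    {"EventID": 3, "Image": r"C:\Users\u\AppData\Local\Temp\svc.exe",
     "DestinationIp": "5.42.92.51", "DestinationPort": 19057},
    {"EventID": 3, "Image": r"C:\Program Files\browser\browser.exe",
     "DestinationIp": "93.184.216.34", "DestinationPort": 443},
]


def parse_hashes(field):
    """Turn Sysmon's 'ALG=hex,ALG=hex' Hashes field into a dict of lowercase hex."""
    out = {}
    for part in field.split(","):
        if "=" in part:
            alg, val = part.split("=", 1)
            out[alg.strip().upper()] = val.strip().lower()
    return out


def hunt(events):
    """Return (finding, detail) pairs for the report's behaviours, in event order."""
    findings = []
    lineage = set()  # images known to belong to the sample's process tree
    for ev in events:
        eid = ev.get("EventID")
        image = ev.get("Image", "").lower()
        if eid == 1:
            if parse_hashes(ev.get("Hashes", "")).get("SHA256") == SAMPLE_SHA256:
                lineage.add(image)
                findings.append(("sample_executed", ev["Image"]))
            elif ev.get("ParentImage", "").lower() in lineage:
                # "Executes dropped EXE": a child started by the sample's tree.
                lineage.add(image)
                findings.append(("dropped_exe_executed", ev["Image"]))
        elif eid == 13 and RUN_KEY_RE.search(ev.get("TargetObject", "")):
            # "Adds Run key": only call it persistence when the writer is in the tree.
            tag = "run_key_persistence" if image in lineage else "run_key_write"
            findings.append((tag, ev["TargetObject"]))
        elif (eid == 3 and ev.get("DestinationIp") == C2_HOST
              and int(ev.get("DestinationPort", 0)) == C2_PORT):
            findings.append(("redline_c2_connection",
                             f"{ev['Image']} -> {C2_HOST}:{C2_PORT}"))
    return findings


if __name__ == "__main__":
    for name, detail in hunt(SAMPLE_EVENTS):
        print(f"{name:24} {detail}")
```

The lineage set is what turns four independent signatures into one chain: a Run-key write is only tagged as persistence when the writing process descends from the sample, which keeps legitimate installers from tripping the same rule. Note that Sysmon does not log registry reads, so the geofence check (a read of the configured country code) is not observable this way.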