General
-
Target
NEAS.58a14f9b353f2c87857a57262951b83d479a20e4ed8c90a2d4152f78a9144648.exe
-
Size
522KB
-
Sample
231111-mcwmhsdd5v
-
MD5
27dffe6a01bee3e0ee0949a3df239bf0
-
SHA1
20d9d845df3959952ed5246547ffe75656579963
-
SHA256
58a14f9b353f2c87857a57262951b83d479a20e4ed8c90a2d4152f78a9144648
-
SHA512
9e10d2ae5b2786fbd2a4755f9b45f1e05cf01a24a7e3beeb3e7ae86574e3338bd08e5711dfdbee8cba25870ce1faf9945a90302413d022c4150575e7c96829a0
-
SSDEEP
12288:lMrty90GxYxVLfDOjFr/LxL2RrHlUEwAUkSFL:IyLxIVLfMx/lLKpOkSt
Static task
static1
Behavioral task
behavioral1
Sample
NEAS.58a14f9b353f2c87857a57262951b83d479a20e4ed8c90a2d4152f78a9144648.exe
Resource
win10v2004-20231023-en
Malware Config
Extracted
redline
taiga
5.42.92.51:19057
Targets
-
-
Target
NEAS.58a14f9b353f2c87857a57262951b83d479a20e4ed8c90a2d4152f78a9144648.exe
-
Size
522KB
-
MD5
27dffe6a01bee3e0ee0949a3df239bf0
-
SHA1
20d9d845df3959952ed5246547ffe75656579963
-
SHA256
58a14f9b353f2c87857a57262951b83d479a20e4ed8c90a2d4152f78a9144648
-
SHA512
9e10d2ae5b2786fbd2a4755f9b45f1e05cf01a24a7e3beeb3e7ae86574e3338bd08e5711dfdbee8cba25870ce1faf9945a90302413d022c4150575e7c96829a0
-
SSDEEP
12288:lMrty90GxYxVLfDOjFr/LxL2RrHlUEwAUkSFL:IyLxIVLfMx/lLKpOkSt
Score10/10-
Detect Mystic stealer payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-