General

Target: NEAS.c66fb8fbea8c3b399d02bc164b98aad6210d6903045a17f37f8b2732653231f0.exe
Size: 511KB
Sample: 231111-mcwyaaec97
MD5: 98be1b9a3590de874f72cdc4d971e39c
SHA1: 284f405d235eb5f5a32cea90eb5232d2146a613d
SHA256: c66fb8fbea8c3b399d02bc164b98aad6210d6903045a17f37f8b2732653231f0
SHA512: 4efbbdf6e7cff625c5892db8bc281695e171a6fd3bf6de63105a321f5ef3cb1c1b8ffccf6fd1e8590d1fa4e2f76c1ccceaeef0d508ae5a68875fce5f385aca6e
SSDEEP: 12288:sMr9y90ufjuDgvwTKxYe2wlXjLY8TUs24u/+4+wSRrFfDHNqPRqOg:5ytbmxUfYSz24umUSpZtqZqOg
Static task: static1
Behavioral task: behavioral1
Sample: NEAS.c66fb8fbea8c3b399d02bc164b98aad6210d6903045a17f37f8b2732653231f0.exe
Resource: win10v2004-20231020-en
Malware Config

Extracted
Family: redline
Botnet: taiga
C2: 5.42.92.51:19057
Targets

Target: NEAS.c66fb8fbea8c3b399d02bc164b98aad6210d6903045a17f37f8b2732653231f0.exe (511KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Score: 10/10
Signatures
- Detect Mystic stealer payload
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext: this API is commonly used to redirect a suspended thread into injected code (process hollowing or similar injection).
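Added example (not part of the sandbox report or of any Triage tooling): a small triage routine that runs the indicators listed above (the sample hashes from General, the extracted C2 5.42.92.51:19057, Run-key persistence and execution of a dropped EXE) over host telemetry. The event shape and the sample events are constructed for this example; field names follow Sysmon event IDs 1 (process create), 3 (network connect), 11 (file create) and 13 (registry value set), but the events are not real telemetry from this sample. The Run/RunOnce key paths are the well-known autostart locations, not something the report states. SetThreadContext use is not visible in this kind of telemetry and is therefore not covered here.

```python
"""Triage constructed Sysmon-style JSON events against the indicators in the
report above. Example code, not from the report; events are constructed."""
import json

# Indicators taken from the report.
SAMPLE_SHA256 = "c66fb8fbea8c3b399d02bc164b98aad6210d6903045a17f37f8b2732653231f0"
SAMPLE_MD5 = "98be1b9a3590de874f72cdc4d971e39c"
C2_IP, C2_PORT = "5.42.92.51", 19057

# Well-known autostart registry locations (assumption: the "Adds Run key"
# signature refers to these; the report does not name the exact key).
RUN_KEY_MARKERS = (
    "\\Microsoft\\Windows\\CurrentVersion\\Run\\",
    "\\Microsoft\\Windows\\CurrentVersion\\RunOnce\\",
)

# Constructed telemetry: one JSON event per line, modelled on Sysmon fields.
SAMPLE_LOG = r"""
{"EventID": 1, "ProcessId": 4120, "Image": "C:\\Users\\victim\\Downloads\\NEAS.exe", "Hashes": "MD5=98BE1B9A3590DE874F72CDC4D971E39C,SHA256=C66FB8FBEA8C3B399D02BC164B98AAD6210D6903045A17F37F8B2732653231F0"}
{"EventID": 11, "ProcessId": 4120, "TargetFilename": "C:\\Users\\victim\\AppData\\Local\\Temp\\update.exe"}
{"EventID": 1, "ProcessId": 4188, "ParentProcessId": 4120, "Image": "C:\\Users\\victim\\AppData\\Local\\Temp\\update.exe", "Hashes": "SHA256=0000000000000000000000000000000000000000000000000000000000000000"}
{"EventID": 13, "ProcessId": 4188, "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\update", "Details": "C:\\Users\\victim\\AppData\\Local\\Temp\\update.exe"}
{"EventID": 3, "ProcessId": 4188, "DestinationIp": "5.42.92.51", "DestinationPort": 19057}
{"EventID": 3, "ProcessId": 1234, "DestinationIp": "8.8.8.8", "DestinationPort": 53}
"""


def parse_hashes(field):
    """Turn Sysmon's 'MD5=..,SHA256=..' field into {ALGO: lowercase hex}."""
    out = {}
    for part in field.split(","):
        if "=" in part:
            algo, value = part.split("=", 1)
            out[algo.strip().upper()] = value.strip().lower()
    return out


def triage(log_text):
    """Return (rule, pid, detail) alerts, in event order, for the JSON-lines log."""
    events = [json.loads(line) for line in log_text.strip().splitlines() if line.strip()]
    alerts = []
    dropped = {}  # lowercase path of a written .exe -> pid that wrote it
    for ev in events:
        eid, pid = ev.get("EventID"), ev.get("ProcessId")
        if eid == 1:
            hashes = parse_hashes(ev.get("Hashes", ""))
            if hashes.get("SHA256") == SAMPLE_SHA256 or hashes.get("MD5") == SAMPLE_MD5:
                alerts.append(("known_sample_hash", pid, ev.get("Image", "")))
            image = ev.get("Image", "").lower()
            if image in dropped:
                # A file written earlier in the log is now running: "Executes dropped EXE".
                alerts.append(("executes_dropped_exe", pid,
                               f"{ev.get('Image')} (dropped by pid {dropped[image]})"))
        elif eid == 11:
            path = ev.get("TargetFilename", "")
            if path.lower().endswith(".exe"):
                dropped[path.lower()] = pid
        elif eid == 13:
            target = ev.get("TargetObject", "")
            if any(marker.lower() in target.lower() for marker in RUN_KEY_MARKERS):
                alerts.append(("run_key_persistence", pid, f"{target} -> {ev.get('Details')}"))
        elif eid == 3:
            if ev.get("DestinationIp") == C2_IP and ev.get("DestinationPort") == C2_PORT:
                alerts.append(("c2_connection", pid, f"{C2_IP}:{C2_PORT}"))
    return alerts


if __name__ == "__main__":
    for rule, pid, detail in triage(SAMPLE_LOG):
        print(f"[{rule}] pid={pid} {detail}")
```

The dropped-EXE rule deliberately does not require the executing parent to be the dropper: a file written by the sample and later started by any process (explorer, a scheduled task, the Run key at next logon) still counts, which is also how the sandbox signature is worded.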