General

- Target: NEAS.4f806a82b899b9438c737f09265a9655b0ccce02804613832f3bdd28c0cd50cf.exe
- Size: 522KB
- Sample: 231111-mdwc5sed33
- MD5: a2705e9feb1410276ae45e629b8b3531
- SHA1: 9e1a878bc52bab18b71b4c89e3a3fe48a8f4ba23
- SHA256: 4f806a82b899b9438c737f09265a9655b0ccce02804613832f3bdd28c0cd50cf
- SHA512: 77eeca1aa676cec748867417a0095d1abc100ef0bb7ebf58893755eb49f9c35cb1eee1b6551fd501132ac4bbc0a8a9b1dd4063fbb68b9a07bf97fb0fded62608
- SSDEEP: 12288:wMr1y90ZR4ayVTjmtB2vaDxCOItZN1ViuhgrJUBW:Vy0OaETyP2SVCvnN13gl6W
- Static task: static1
- Behavioral task: behavioral1
- Sample: NEAS.4f806a82b899b9438c737f09265a9655b0ccce02804613832f3bdd28c0cd50cf.exe
- Resource: win10v2004-20231020-en

Malware Config

Extracted
- Family: redline
- Botnet: taiga
- C2: 5.42.92.51:19057
Targets
- Score: 10/10
- Detect Mystic stealer payload
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext
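As an added example (not part of the sandbox report or of any sandbox's own code), the script below shows how a practitioner would consume a report like this one: it checks that the NEAS.<hash>.exe filename really embeds the reported SHA256, validates the extracted C2 as host:port, and replays the behavioural signatures listed above (geofence registry lookup, dropped EXE execution, Run key persistence, SetThreadContext, C2 connection) against a trace of API events. The event lines are constructed for illustration, their `api|process|detail` format is an assumption, and the registry value used for the geofence check (Control Panel\International\Geo\Nation) is an assumption, since the report only says "country code configured in the registry".

```python
import ipaddress
import re

# Indicators exactly as printed in the report above.
REPORT = {
    "target": "NEAS.4f806a82b899b9438c737f09265a9655b0ccce02804613832f3bdd28c0cd50cf.exe",
    "sha256": "4f806a82b899b9438c737f09265a9655b0ccce02804613832f3bdd28c0cd50cf",
    "family": "redline",
    "botnet": "taiga",
    "c2": "5.42.92.51:19057",
}

# ASSUMPTION: the registry value commonly read for a country-code geofence.
# The report itself only says "country code configured in the registry".
GEO_KEY = "hkcu\\control panel\\international\\geo\\nation"
RUN_KEY = "\\currentversion\\run\\"


def filename_embeds_sha256(name: str, sha256: str) -> bool:
    """NEAS.<hash>.exe naming: confirm the embedded digest equals the reported SHA256."""
    m = re.fullmatch(r"NEAS\.([0-9a-f]{64})\.exe", name)
    return bool(m) and m.group(1) == sha256.lower()


def parse_c2(c2: str) -> tuple[str, int]:
    """Split host:port from the extracted config; reject non-IP hosts and bad ports."""
    host, _, port = c2.rpartition(":")
    ipaddress.ip_address(host)  # raises ValueError if host is not a literal IP
    port_n = int(port)
    if not 0 < port_n < 65536:
        raise ValueError(f"port out of range in {c2!r}")
    return host, port_n


def parse_event(line: str) -> tuple[str, str, str]:
    """Constructed trace format (assumption): api|process|detail."""
    api, proc, detail = line.split("|", 2)
    return api, proc, detail


def match_signatures(lines: list[str], c2: str) -> set[str]:
    """Map API events onto the signature names used in the report."""
    hits: set[str] = set()
    dropped: set[str] = set()  # executables written earlier in the trace
    for line in lines:
        api, _proc, detail = parse_event(line)
        d = detail.lower()
        if api == "CreateFile" and d.endswith(".exe"):
            dropped.add(d)
        elif api == "CreateProcess" and d in dropped:
            hits.add("Executes dropped EXE")  # only fires if the file was dropped first
        elif api == "RegQueryValue" and d == GEO_KEY:
            hits.add("Checks computer location settings")
        elif api == "RegSetValue" and RUN_KEY in d:
            hits.add("Adds Run key to start application")
        elif api == "SetThreadContext":
            hits.add("Suspicious use of SetThreadContext")
        elif api == "Connect" and detail == c2:
            hits.add("RedLine")  # connection to the C2 from the extracted config
    return hits


# Constructed sample trace (not from the report) exercising every signature above.
_T = REPORT["target"]
SAMPLE_EVENTS = [
    f"RegQueryValue|{_T}|HKCU\\Control Panel\\International\\Geo\\Nation",
    f"CreateFile|{_T}|C:\\Users\\Admin\\AppData\\Local\\Temp\\svc.exe",
    f"CreateProcess|{_T}|C:\\Users\\Admin\\AppData\\Local\\Temp\\svc.exe",
    "RegSetValue|svc.exe|HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svc",
    "SetThreadContext|svc.exe|target=RegAsm.exe",
    f"Connect|svc.exe|{REPORT['c2']}",
]

if __name__ == "__main__":
    print("filename matches SHA256:", filename_embeds_sha256(REPORT["target"], REPORT["sha256"]))
    print("C2:", parse_c2(REPORT["c2"]))
    for sig in sorted(match_signatures(SAMPLE_EVENTS, REPORT["c2"])):
        print("signature hit:", sig)
```

The dropped-EXE rule deliberately requires a CreateFile for the same path earlier in the trace, so a CreateProcess of an arbitrary binary does not count; the C2 rule compares against the literal host:port from the extracted config, which is the indicator worth pushing to a firewall or proxy blocklist.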