General
Target: NEAS.025d5b38468a58fa6ebfbfb6079cf4a47fa58f800677d60963fc9cfa96234289.exe
Size: 511KB
Sample: 231111-me74bsdd8v
MD5: 330c2d229d79afd0c4100c125a37841e
SHA1: 8a03d14ffa4d597db55cc98fd44d402232cdc8bc
SHA256: 025d5b38468a58fa6ebfbfb6079cf4a47fa58f800677d60963fc9cfa96234289
SHA512: 059fc460d18830db92219ef8b8bd4d58c6135e0b3331ae229db4f34f319019c270b23eb7d68560f4b19cedc42bd6fdaad508ea167c0c56966e92cfc32f6b7745
SSDEEP: 12288:9Mrky90/wXl0fsueSYwY8TUs2AuX+4+wSRtFfJkoqPRqC2:Zy/0fsvOYSz2AuuUSzfkoqZqC2
Static task: static1
Behavioral task: behavioral1
Sample: NEAS.025d5b38468a58fa6ebfbfb6079cf4a47fa58f800677d60963fc9cfa96234289.exe
Resource: win10v2004-20231023-en
Malware Config
Extracted
redline
taiga
5.42.92.51:19057
Targets
Target: NEAS.025d5b38468a58fa6ebfbfb6079cf4a47fa58f800677d60963fc9cfa96234289.exe
Score 10/10
- Detect Mystic stealer payload
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext