General
Target: NEAS.1d9781c44840ba3eb6f1d6df22c644a835785c9ae068bf4afee7ba9f288d36b0.exe
Size: 511KB
Sample: 231111-medvgsdd7s
MD5: 84f9bca86f19e071b26343f494c128b5
SHA1: 3e0ee5f2a7b105f3f79e6d4a42d8abcb0c517dac
SHA256: 1d9781c44840ba3eb6f1d6df22c644a835785c9ae068bf4afee7ba9f288d36b0
SHA512: 1ae231a2545d56e80e404cdb92747f9635fba12f625d53d6fa3e1f6b501712f1207469e6ee1d07bcd18d47894be69888d687c32e7e74f9cbca3fa2d18f959ba6
SSDEEP: 12288:XMrIy90CJC9K/ZvIRVNew3rM+L8Y8TUs2euF+4+wSRSFfCiqPRqlp1tre:/y9NIRlrL8YSz2eu4USMdRqZqlpDre
Static task: static1
Behavioral task: behavioral1
Sample: NEAS.1d9781c44840ba3eb6f1d6df22c644a835785c9ae068bf4afee7ba9f288d36b0.exe
Resource: win10v2004-20231020-en
Malware Config
Extracted config: family redline, botnet taiga, C2 5.42.92.51:19057
Targets
Target: NEAS.1d9781c44840ba3eb6f1d6df22c644a835785c9ae068bf4afee7ba9f288d36b0.exe (511KB; hashes as listed under General)
Score: 10/10
Signatures:
- Detect Mystic stealer payload
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext