General
-
Target
NEAS.1fa01f47d23194c0335d37488faa8a412c743f6a15805939f55529af813b577a.exe
-
Size
511KB
-
Sample
231111-meqjaadd7w
-
MD5
50870235cdee5126c889005064c9d887
-
SHA1
20d4654901783d3810d4bcfc06f7c9a8ccf40417
-
SHA256
1fa01f47d23194c0335d37488faa8a412c743f6a15805939f55529af813b577a
-
SHA512
230cc0cbb4c8c9eb6a917df2c728aebb8f3ac5eeaa33f3f2bcfda43f118539f9adf3b2a363a96a79c9e0ee6b67a951952b6ebee6ceafe345ff3ed9674ffd1fe0
-
SSDEEP
12288:sMr5y90eRWSJ+dBMqjY8TUs22uh+4+wSRbFgv4ly:9y78SJ+dBRYSz22u0US9Gn
Static task
static1
Behavioral task
behavioral1
Sample
NEAS.1fa01f47d23194c0335d37488faa8a412c743f6a15805939f55529af813b577a.exe
Resource
win10v2004-20231023-en
Malware Config
Extracted
redline
taiga
5.42.92.51:19057
Targets
-
-
Target
NEAS.1fa01f47d23194c0335d37488faa8a412c743f6a15805939f55529af813b577a.exe
-
Size
511KB
-
MD5
50870235cdee5126c889005064c9d887
-
SHA1
20d4654901783d3810d4bcfc06f7c9a8ccf40417
-
SHA256
1fa01f47d23194c0335d37488faa8a412c743f6a15805939f55529af813b577a
-
SHA512
230cc0cbb4c8c9eb6a917df2c728aebb8f3ac5eeaa33f3f2bcfda43f118539f9adf3b2a363a96a79c9e0ee6b67a951952b6ebee6ceafe345ff3ed9674ffd1fe0
-
SSDEEP
12288:sMr5y90eRWSJ+dBMqjY8TUs22uh+4+wSRbFgv4ly:9y78SJ+dBRYSz22u0US9Gn
Score10/10-
Detect Mystic stealer payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-