General
-
Target
NEAS.52fccafa3329ad996f0ee65dfbb1b9c3cab6fe03c50a6c984aa1168696bcd7fd.exe
-
Size
511KB
-
Sample
231111-mevs1aed38
-
MD5
07a124ac94dd5499d304e5357f9d5d43
-
SHA1
7ef4a91d56563d4f9d10b940f57b4ea43842fcbb
-
SHA256
52fccafa3329ad996f0ee65dfbb1b9c3cab6fe03c50a6c984aa1168696bcd7fd
-
SHA512
138d849e3e8d520e799346c87e239c09e8585c3d0ab73d22ea1b674ca6d9fc64a1ae6eef8f95bec3e34acb0dff2e8aa605cdf330e5d850823aad1fbf4daca7d8
-
SSDEEP
12288:XMr1y9033Qnw1gRY8TUs2eu1+4+wSRuFCUAkroAas:ayI3BKYSz2euoUSQUUAkroA7
Static task
static1
Behavioral task
behavioral1
Sample
NEAS.52fccafa3329ad996f0ee65dfbb1b9c3cab6fe03c50a6c984aa1168696bcd7fd.exe
Resource
win10v2004-20231023-en
Malware Config
Extracted
redline
taiga
5.42.92.51:19057
Targets
-
-
Target
NEAS.52fccafa3329ad996f0ee65dfbb1b9c3cab6fe03c50a6c984aa1168696bcd7fd.exe
-
Size
511KB
-
MD5
07a124ac94dd5499d304e5357f9d5d43
-
SHA1
7ef4a91d56563d4f9d10b940f57b4ea43842fcbb
-
SHA256
52fccafa3329ad996f0ee65dfbb1b9c3cab6fe03c50a6c984aa1168696bcd7fd
-
SHA512
138d849e3e8d520e799346c87e239c09e8585c3d0ab73d22ea1b674ca6d9fc64a1ae6eef8f95bec3e34acb0dff2e8aa605cdf330e5d850823aad1fbf4daca7d8
-
SSDEEP
12288:XMr1y9033Qnw1gRY8TUs2eu1+4+wSRuFCUAkroAas:ayI3BKYSz2euoUSQUUAkroA7
Score10/10-
Detect Mystic stealer payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-