General
- Target: NEAS.fca3e61a2dd4aa0b31816068ca9ed14436491d3ad62ee7169ccd94cd3a76d3b8.exe
- Size: 511KB
- Sample: 231111-mfkpesdd9s
- MD5: 57006303f19855a3084de1bed4a9992c
- SHA1: a3784357afe06f24cb27aac53e763fda4cac1b39
- SHA256: fca3e61a2dd4aa0b31816068ca9ed14436491d3ad62ee7169ccd94cd3a76d3b8
- SHA512: 9d79aa95a20743aa67d1a0c524ada3e428368045a5c5b97420caeeb380acfe98c822361d3631ba249b11a6ca6034e0b9e0be2dd6837d418635172d0e8c2860a9
- SSDEEP: 12288:AMrLy90fMm8dCcPiGDku3+wcWMiGaY8TUs2EuX+4+wSR2FTpAvfQ1+0kB2h:byuMmuPtALWx/YSz2EuuUSUEGCBk
- Static task: static1
- Behavioral task: behavioral1
- Sample: NEAS.fca3e61a2dd4aa0b31816068ca9ed14436491d3ad62ee7169ccd94cd3a76d3b8.exe
- Resource: win10v2004-20231020-en
Malware Config
- Extracted: redline
- taiga
- 5.42.92.51:19057
Targets
- Score: 10/10
- Detect Mystic stealer payload
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext