General
-
Target
NEAS.cd732d10374e32f6ffb254fd765cb62b3be65b7a394ab4eca96fb37d5f7f83f1.exe
-
Size
917KB
-
Sample
231111-mgke2sed64
-
MD5
55c92c9d066595ad73adb426e0e8323b
-
SHA1
b6e3bc50e01fde7a05c6430135feb6a1cef04725
-
SHA256
cd732d10374e32f6ffb254fd765cb62b3be65b7a394ab4eca96fb37d5f7f83f1
-
SHA512
b3576ff91930384582f67e2c3ab86f36769693f781b88557210170b05620c54d8bc54faa7893fd275af7554f0c2e007cb9828ed23ea1468ece6db93eaffb3eed
-
SSDEEP
24576:YyTs9czQSuaeuIsmC/GPLYDDnU3IoeZXDM:fYczJet5EG0k3Rep
Static task
static1
Behavioral task
behavioral1
Sample
NEAS.cd732d10374e32f6ffb254fd765cb62b3be65b7a394ab4eca96fb37d5f7f83f1.exe
Resource
win10v2004-20231023-en
Malware Config
Extracted
redline
taiga
5.42.92.51:19057
Targets
-
-
Target
NEAS.cd732d10374e32f6ffb254fd765cb62b3be65b7a394ab4eca96fb37d5f7f83f1.exe
-
Size
917KB
-
MD5
55c92c9d066595ad73adb426e0e8323b
-
SHA1
b6e3bc50e01fde7a05c6430135feb6a1cef04725
-
SHA256
cd732d10374e32f6ffb254fd765cb62b3be65b7a394ab4eca96fb37d5f7f83f1
-
SHA512
b3576ff91930384582f67e2c3ab86f36769693f781b88557210170b05620c54d8bc54faa7893fd275af7554f0c2e007cb9828ed23ea1468ece6db93eaffb3eed
-
SSDEEP
24576:YyTs9czQSuaeuIsmC/GPLYDDnU3IoeZXDM:fYczJet5EG0k3Rep
Score10/10-
Detect Mystic stealer payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-