General
Target: NEAS.85eec185cfeafdc1bf5c97a73f5d22728642ec85f6e01de72c1b555563c8d2b0.exe
Size: 511KB
Sample: 231111-mgtcysed68
MD5: c5c152c7120070844b2a3c1e47d324fb
SHA1: 36c4e3fa3e4bc743a1c98a3e362f523d8ef275be
SHA256: 85eec185cfeafdc1bf5c97a73f5d22728642ec85f6e01de72c1b555563c8d2b0
SHA512: d975954b0895345b423025d3ba856b7d9c25f94749caf267c3b13a9f812352e39550c11769751dd974c63b31f843c69ad82ba285b8c62be82eaeeaff67814116
SSDEEP: 12288:EMrJy90VJF0CDf8wuqwbgXUcY8TUs26uN+4+wSRfFEGuUA9kh3:9ycF0Of8rMYSz26uQUS1KRUAC3
Static task: static1
Behavioral task: behavioral1
Sample: NEAS.85eec185cfeafdc1bf5c97a73f5d22728642ec85f6e01de72c1b555563c8d2b0.exe
Resource: win10v2004-20231023-en
Malware Config
Extracted
redline
taiga
5.42.92.51:19057
Targets
Score: 10/10
- Detect Mystic stealer payload
- RedLine (RedLine Stealer is a malware family written in C#, first appearing in early 2020.)
- RedLine payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext