General
-
Target
NEAS.9b3952230a10885ddf0d4815d7a4c5af0ad295bff36054bfc064dc0b224ddb74.exe
-
Size
917KB
-
Sample
231111-mh147aed95
-
MD5
e7435f6008850204e11809aa44a42237
-
SHA1
6068ae95fc2b3152f58b00532ddef79369f99d76
-
SHA256
9b3952230a10885ddf0d4815d7a4c5af0ad295bff36054bfc064dc0b224ddb74
-
SHA512
585cceb7091a67b6e2a9da28aefbca57fa16a8afd1b8f80b72df52f43dcbdae69201de69c2411a4504d9b52dda1d9858de8d49ea650a296cf38c4c08ec4171b6
-
SSDEEP
24576:Uy/mjCNlpYlKaeuIsiC/GnLYD/uf3Y4IYC/ncU1yDypZl:j/MCbOjetLEGs8lC/nrZpZ
Static task
static1
Behavioral task
behavioral1
Sample
NEAS.9b3952230a10885ddf0d4815d7a4c5af0ad295bff36054bfc064dc0b224ddb74.exe
Resource
win10v2004-20231023-en
Malware Config
Extracted
redline
taiga
5.42.92.51:19057
Targets
-
-
Target
NEAS.9b3952230a10885ddf0d4815d7a4c5af0ad295bff36054bfc064dc0b224ddb74.exe
-
Size
917KB
-
MD5
e7435f6008850204e11809aa44a42237
-
SHA1
6068ae95fc2b3152f58b00532ddef79369f99d76
-
SHA256
9b3952230a10885ddf0d4815d7a4c5af0ad295bff36054bfc064dc0b224ddb74
-
SHA512
585cceb7091a67b6e2a9da28aefbca57fa16a8afd1b8f80b72df52f43dcbdae69201de69c2411a4504d9b52dda1d9858de8d49ea650a296cf38c4c08ec4171b6
-
SSDEEP
24576:Uy/mjCNlpYlKaeuIsiC/GnLYD/uf3Y4IYC/ncU1yDypZl:j/MCbOjetLEGs8lC/nrZpZ
-
Detect Mystic stealer payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-