General
Target: NEAS.0318a39c985b9af2d7fb6d6fe9d56eb1c464545d4994db3508b54d42987e1201.exe
Size: 917KB
Sample: 231111-mh9fkade6z
MD5: fe4b1bb2a1c62a725fde05966feb1ba1
SHA1: 0d8622306a0396b9f9405cc1dcd8dd9665df58be
SHA256: 0318a39c985b9af2d7fb6d6fe9d56eb1c464545d4994db3508b54d42987e1201
SHA512: 0a2de1420b40054f3018072bde54cecf15addd2d228798bec93a967f400faf0d0bf89aff1adb83a4e92d7d336480879d3c5bc6d8b9f1cc22c09caff49b3941ec
SSDEEP: 24576:dyG2QdhO81i/aeuIs+C/GzLYDXVGkSR5KGnMZXBkfKfm:4G22O81iietBEG4MB5KsEXYK
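Before acting on the behaviour below, confirm that the file on your desk is the file this report describes. The following is an added example, not part of the sandbox report: it recomputes MD5, SHA-1, SHA-256 and SHA-512 in a single pass over the file and compares each digest with the values listed above. SSDEEP is left out because it needs the third-party `ssdeep` package; everything here is standard library. The command-line path argument is the only input it assumes.

```python
"""Verify a local sample against the digests listed in this report (added example)."""
import hashlib
from pathlib import Path
from typing import Dict, Iterable, Union

# Values copied from the General section of the report above.
REPORT_HASHES = {
    "md5": "fe4b1bb2a1c62a725fde05966feb1ba1",
    "sha1": "0d8622306a0396b9f9405cc1dcd8dd9665df58be",
    "sha256": "0318a39c985b9af2d7fb6d6fe9d56eb1c464545d4994db3508b54d42987e1201",
    "sha512": "0a2de1420b40054f3018072bde54cecf15addd2d228798bec93a967f400faf0d"
              "0bf89aff1adb83a4e92d7d336480879d3c5bc6d8b9f1cc22c09caff49b3941ec",
}


def digest_chunks(chunks: Iterable[bytes]) -> Dict[str, str]:
    """Feed every chunk to all four hashers so the file is read only once."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_file(path: Union[str, Path], chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Hash a file in fixed-size chunks; a 917KB sample fits in one, larger ones do not."""
    def chunks():
        with open(path, "rb") as fh:
            while True:
                block = fh.read(chunk_size)
                if not block:
                    return
                yield block
    return digest_chunks(chunks())


def compare_with_report(computed: Dict[str, str], expected: Dict[str, str] = REPORT_HASHES) -> Dict[str, bool]:
    """Per-algorithm match results; hex digests are compared case-insensitively."""
    return {name: computed.get(name, "").lower() == value.lower() for name, value in expected.items()}


def matches_report(computed: Dict[str, str], expected: Dict[str, str] = REPORT_HASHES) -> bool:
    """True only when every listed digest matches. A partial match is itself a
    finding (a mis-transcribed report or a different file) and is not accepted."""
    return all(compare_with_report(computed, expected).values())


if __name__ == "__main__":
    import sys
    result = digest_file(sys.argv[1])
    for name, ok in compare_with_report(result).items():
        print(f"{name:6s} {'MATCH' if ok else 'DIFF '} {result[name]}")
```

Run it as `python verify.py path/to/sample.exe`; anything other than four MATCH lines means the report does not apply to the file you have.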
Static task: static1
Behavioral task: behavioral1
Sample: NEAS.0318a39c985b9af2d7fb6d6fe9d56eb1c464545d4994db3508b54d42987e1201.exe
Resource: win10v2004-20231023-en
Malware Config
Extracted
Family: redline
Botnet: taiga
C2: 5.42.92.51:19057
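The extracted configuration gives one actionable network indicator, the C2 endpoint 5.42.92.51:19057. The following is an added example, not part of the sandbox report, showing how to sweep connection logs for it. The log lines are constructed for the demonstration in the shape of Zeek's JSON conn.log (field names `id.resp_h`, `id.resp_p` and so on); that log source is an assumption, and the sample rows are not traffic captured from this run. The hunt distinguishes an exact host:port hit from a hit on the host at another port, because stealer panels are moved between ports more often than between addresses.

```python
"""Sweep JSON connection logs for the RedLine C2 from this report (added example)."""
import json
from typing import Dict, Iterable, List

# Indicator copied from the Malware Config section above.
C2_HOST = "5.42.92.51"
C2_PORT = 19057

# Constructed Zeek-style conn.log lines (not real traffic from the sandbox run).
SAMPLE_LOG = """\
{"ts":1699700001.1,"id.orig_h":"10.0.0.15","id.orig_p":51423,"id.resp_h":"5.42.92.51","id.resp_p":19057,"proto":"tcp","conn_state":"SF"}
{"ts":1699700002.5,"id.orig_h":"10.0.0.15","id.orig_p":51424,"id.resp_h":"142.250.74.36","id.resp_p":443,"proto":"tcp","conn_state":"SF"}
{"ts":1699700003.0,"id.orig_h":"10.0.0.22","id.orig_p":60001,"id.resp_h":"5.42.92.51","id.resp_p":80,"proto":"tcp","conn_state":"REJ"}
this line is not JSON and must not abort the sweep
"""


def classify(event: Dict) -> str:
    """'c2' for an exact host:port match, 'c2_host' for the host on another port, '' otherwise."""
    if event.get("id.resp_h") != C2_HOST:
        return ""
    try:
        port = int(event.get("id.resp_p", -1))
    except (TypeError, ValueError):
        port = -1
    return "c2" if port == C2_PORT else "c2_host"


def hunt(lines: Iterable[str]) -> List[Dict]:
    """Parse each line as JSON, skip malformed ones, and collect classified hits in log order."""
    hits: List[Dict] = []
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            event = json.loads(raw)
        except json.JSONDecodeError:
            continue  # a corrupt line is a logging problem, not a reason to stop hunting
        verdict = classify(event)
        if verdict:
            hits.append({
                "verdict": verdict,
                "ts": event.get("ts"),
                "src": event.get("id.orig_h"),
                "dst": f"{event['id.resp_h']}:{event.get('id.resp_p')}",
                "state": event.get("conn_state"),
            })
    return hits


if __name__ == "__main__":
    for hit in hunt(SAMPLE_LOG.splitlines()):
        print(hit)
```

A `c2` hit with a completed connection (`conn_state` SF) means the host most likely ran the sample and checked in; a `c2_host` hit or a rejected connection still identifies a machine that tried to reach the operator's infrastructure and belongs in the same investigation.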
Targets
Target: NEAS.0318a39c985b9af2d7fb6d6fe9d56eb1c464545d4994db3508b54d42987e1201.exe
Signatures
- Detect Mystic stealer payload
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
- AutoIT Executable: AutoIt scripts compiled to PE executables.
- Suspicious use of SetThreadContext: a common step in process hollowing, where a loader writes its payload into a suspended process and redirects the main thread to it.
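Two of the signatures above, "Executes dropped EXE" and "Adds Run key to start application", are visible in ordinary endpoint telemetry and worth correlating rather than alerting on separately. The following is an added example, not part of the sandbox report: it walks a short sequence of events in a simplified Sysmon shape (EventID 11 FileCreate, EventID 1 ProcessCreate, EventID 13 RegistryEvent SetValue) and ties a Run-key write back to a binary the chain itself dropped. The events, paths and process names are constructed placeholders and are not artifacts observed in this run; SetThreadContext is not recorded by Sysmon and is left out.

```python
"""Correlate dropped-EXE execution with Run-key persistence over Sysmon-style events (added example)."""
from typing import Dict, List

# Any SetValue under ...\CurrentVersion\Run\ is treated as an autostart entry.
RUN_KEY_MARKER = "\\currentversion\\run\\"

# Constructed events in chronological order (placeholders, not observed artifacts).
EVENTS: List[Dict] = [
    {"EventID": 11, "Image": "C:\\Users\\u\\Desktop\\sample.exe",
     "TargetFilename": "C:\\Users\\u\\AppData\\Local\\Temp\\drop.exe"},
    {"EventID": 1, "ParentImage": "C:\\Users\\u\\Desktop\\sample.exe",
     "Image": "C:\\Users\\u\\AppData\\Local\\Temp\\drop.exe"},
    {"EventID": 13, "Image": "C:\\Users\\u\\AppData\\Local\\Temp\\drop.exe",
     "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\drop",
     "Details": "\"C:\\Users\\u\\AppData\\Local\\Temp\\drop.exe\""},
    {"EventID": 1, "ParentImage": "C:\\Windows\\explorer.exe",
     "Image": "C:\\Program Files\\Vendor\\app.exe"},
]


def norm(path: str) -> str:
    """Case-fold and strip surrounding quotes so registry Details compare with file paths."""
    return path.strip().strip('"').lower()


def correlate(events: List[Dict]) -> List[Dict]:
    """Return findings for executed dropped EXEs and Run-key writes, in event order."""
    dropped: Dict[str, str] = {}  # normalized path of a dropped .exe -> process that wrote it
    findings: List[Dict] = []
    for ev in events:
        eid = ev.get("EventID")
        if eid == 11 and norm(ev.get("TargetFilename", "")).endswith(".exe"):
            dropped[norm(ev["TargetFilename"])] = ev.get("Image", "")
        elif eid == 1 and norm(ev.get("Image", "")) in dropped:
            findings.append({
                "rule": "executes_dropped_exe",
                "image": ev["Image"],
                "dropped_by": dropped[norm(ev["Image"])],
            })
        elif eid == 13 and RUN_KEY_MARKER in norm(ev.get("TargetObject", "")):
            findings.append({
                "rule": "run_key_persistence",
                "value": ev.get("TargetObject"),
                "set_by": ev.get("Image"),
                # Higher confidence when the autostart target is a file this chain dropped.
                "points_at_dropped_exe": norm(ev.get("Details", "")) in dropped,
            })
    return findings


if __name__ == "__main__":
    for finding in correlate(EVENTS):
        print(finding)
```

On real telemetry the `dropped` map should be keyed per host and aged out, and the Details field may carry arguments after the path; the quote-stripping in `norm` handles the quoted form shown here but not a trailing argument list.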