General
-
Target
NEAS.89a72381b6c03100fe298d8d478e12e5afe9efdd66f702dc1533ad93f5edecb5.exe
-
Size
511KB
-
Sample
231111-mh9rbsde61
-
MD5
f197320d2f35759d97f508832d01de1d
-
SHA1
f82641ce3bcb947e590d9f6c9ad3703766cdebdb
-
SHA256
89a72381b6c03100fe298d8d478e12e5afe9efdd66f702dc1533ad93f5edecb5
-
SHA512
9cbc19c5606a04ab265af5a2f853216b0d2099612bc8a0f6c64c53926e37ad778ba666f29947b87eb9a4fbf1df11f0df7a22347261ad8b96d728c14f59dcd4a2
-
SSDEEP
12288:jMrsy90ywCrCI0xGxiwkVEY8TUs2Cux+4+wSR8Fx3GiAGUDX:3yM6BAEYSz2CuEUS+aiAn
Static task
static1
Behavioral task
behavioral1
Sample
NEAS.89a72381b6c03100fe298d8d478e12e5afe9efdd66f702dc1533ad93f5edecb5.exe
Resource
win10v2004-20231023-en
Malware Config
Extracted
redline
taiga
5.42.92.51:19057
Targets
-
-
Target
NEAS.89a72381b6c03100fe298d8d478e12e5afe9efdd66f702dc1533ad93f5edecb5.exe
-
Size
511KB
-
MD5
f197320d2f35759d97f508832d01de1d
-
SHA1
f82641ce3bcb947e590d9f6c9ad3703766cdebdb
-
SHA256
89a72381b6c03100fe298d8d478e12e5afe9efdd66f702dc1533ad93f5edecb5
-
SHA512
9cbc19c5606a04ab265af5a2f853216b0d2099612bc8a0f6c64c53926e37ad778ba666f29947b87eb9a4fbf1df11f0df7a22347261ad8b96d728c14f59dcd4a2
-
SSDEEP
12288:jMrsy90ywCrCI0xGxiwkVEY8TUs2Cux+4+wSR8Fx3GiAGUDX:3yM6BAEYSz2CuEUS+aiAn
Score10/10-
Detect Mystic stealer payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-