General
- Target: NEAS.33f24c0a005d70db1f15cd415a5d76795ef8877b82547b005846a602c3ea73e8.exe
- Size: 511KB
- Sample: 231111-mjeycaee25
- MD5: 9f119b2275bc77f37003418eda186ce3
- SHA1: 5b65a7cfbb42215c1069729e198d72fa0bb46d07
- SHA256: 33f24c0a005d70db1f15cd415a5d76795ef8877b82547b005846a602c3ea73e8
- SHA512: 6a9ab923a3a77c52dfec94ae2c310cd64713bab8e28b8f93662bcd460db6b05a614b413e1a89c5ee4501648ce89e339868b5dd1a7f55604f625c4fa9fa248584
- SSDEEP: 12288:KMrVy90G2+6MwzY8TUs2QuX+4+wSRzFGVfQDjB:vy576M8YSz2QuuUS9YVfQnB
Static task
- static1

Behavioral task
- behavioral1
- Sample: NEAS.33f24c0a005d70db1f15cd415a5d76795ef8877b82547b005846a602c3ea73e8.exe
- Resource: win10v2004-20231020-en

Malware Config (extracted)
- Family: redline
- taiga
- C2: 5.42.92.51:19057
Targets
- NEAS.33f24c0a005d70db1f15cd415a5d76795ef8877b82547b005846a602c3ea73e8.exe (511KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above)
Score: 10/10

Signatures
- Detect Mystic stealer payload
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: looks up the country code configured in the registry, likely for geofencing.
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext