General
Target: NEAS.bed9d12b5ad4bdb86c0fa2ab9df14008c33b67d56b0df31bd0b24dcb0f34d93f.exe
Size: 522KB
Sample: 231111-mk4m4aee55
MD5: 809c2494139568d024bbbc96804dff3b
SHA1: 24307ecce43105bf40d5be8b3265c42395ea9572
SHA256: bed9d12b5ad4bdb86c0fa2ab9df14008c33b67d56b0df31bd0b24dcb0f34d93f
SHA512: b249f98b335d2c470eb1d65863802066caca665fffc2e1552188ee4fa3e2fafb571fa4579def4d671ea0c90f5f4b671303a90f4df9dc1a5e14e2e7ef0f4aade0
SSDEEP: 12288:gMrvy90oUVLIQKakn+CftEMag3Ea1IAH5qt+:/yqkQK3Je4KAHAg
Static task: static1
Behavioral task: behavioral1
Sample: NEAS.bed9d12b5ad4bdb86c0fa2ab9df14008c33b67d56b0df31bd0b24dcb0f34d93f.exe
Resource: win10v2004-20231023-en
Malware Config
Extracted
Family: redline
Botnet: taiga
C2: 5.42.92.51:19057
Targets
Target: NEAS.bed9d12b5ad4bdb86c0fa2ab9df14008c33b67d56b0df31bd0b24dcb0f34d93f.exe
Size: 522KB
MD5: 809c2494139568d024bbbc96804dff3b
SHA1: 24307ecce43105bf40d5be8b3265c42395ea9572
SHA256: bed9d12b5ad4bdb86c0fa2ab9df14008c33b67d56b0df31bd0b24dcb0f34d93f
SHA512: b249f98b335d2c470eb1d65863802066caca665fffc2e1552188ee4fa3e2fafb571fa4579def4d671ea0c90f5f4b671303a90f4df9dc1a5e14e2e7ef0f4aade0
SSDEEP: 12288:gMrvy90oUVLIQKakn+CftEMag3Ea1IAH5qt+:/yqkQK3Je4KAHAg
Score: 10/10

Signatures
- Detect Mystic stealer payload
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings
  Looks up the country code configured in the registry, likely used for geofencing.
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext