General
Target: NEAS.59a3dabd76a36a299ffd00f06ed1950801e21d55d9e3fd2be91af17b63d7c697.exe
Size: 511KB
Sample: 231111-mk9t4sdf31
MD5: 9239274114b0c18953b3dee86647b32b
SHA1: 38a1f39cdeb1aa5693ea3b22eea1cc21a048e55a
SHA256: 59a3dabd76a36a299ffd00f06ed1950801e21d55d9e3fd2be91af17b63d7c697
SHA512: 3db7f07478b8c9e31e0ec915b48be6e72e34164f2434ae9fe85c583e0e7c3fd9c756337be9e31a51468e21b11b18ef13e55186017daf1e19b9d6d73e12303eb7
SSDEEP: 12288:+Mrby90lQrN8oH6pxJwiQziqY8TUs2auB+4+wSRhFax6mgqPRqZ9KxKe:tyrlH6eYSz2auUUS3sx6mgqZqZ9/e
Static task: static1
Behavioral task: behavioral1
Sample: NEAS.59a3dabd76a36a299ffd00f06ed1950801e21d55d9e3fd2be91af17b63d7c697.exe
Resource: win10v2004-20231020-en
Malware Config
Extracted
redline
taiga
5.42.92.51:19057
Targets
Target: NEAS.59a3dabd76a36a299ffd00f06ed1950801e21d55d9e3fd2be91af17b63d7c697.exe (511KB; same file and hashes as listed under General)
Score: 10/10
- Detect Mystic stealer payload
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext