General

Target: NEAS.5153f686fa4f3877750b988cbac42c72584c94e70e059a7686dd76adc933e893.exe
Size: 522KB
Sample: 231111-ml4pgsdf51
MD5: 2450d284205c1df44fbae3a51c547384
SHA1: f4c552fd2804a3ca229f489de619e735a6b32f87
SHA256: 5153f686fa4f3877750b988cbac42c72584c94e70e059a7686dd76adc933e893
SHA512: 04cfde71b150dc0a06351c0f8f1a9ca73a5833511a5af28f0dd5c65842dc06e51d27e74b5408ffb415705ac5f612dd074d628840b570db46905854ea17afa05c
SSDEEP: 12288:aMrPy90tP4tMMq1YOSQH5+wSp17XASvot3gzaH3w7:1yQkk+OSQJ3gzWw7

Static task: static1
Behavioral task: behavioral1
Sample: NEAS.5153f686fa4f3877750b988cbac42c72584c94e70e059a7686dd76adc933e893.exe
Resource: win10v2004-20231023-en

Malware Config (Extracted)
Family: redline
taiga
5.42.92.51:19057
Targets

Target: NEAS.5153f686fa4f3877750b988cbac42c72584c94e70e059a7686dd76adc933e893.exe
Size: 522KB
Score: 10/10

- Detect Mystic stealer payload
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext