General
-
Target
NEAS.e073d13582d3087a8c983ff36b39ceb0e9ed136bbef1177a54c227fa242ef0fd.exe
-
Size
917KB
-
Sample
231111-mlkllsdf5t
-
MD5
ffde7377c5bb70e8cd95e49ed0f3a1ff
-
SHA1
7082039bc2193c9fdd860efcbc81b4d68735318e
-
SHA256
e073d13582d3087a8c983ff36b39ceb0e9ed136bbef1177a54c227fa242ef0fd
-
SHA512
ddf08217a277b0d75b24a0229f5066b64ec28fdbe849365626d1de09ab2ab9fa11610ddee4ab204521ae173474853639411f2146abf007639e4f16a001dc6a0d
-
SSDEEP
24576:3yySPF+aeuIsKC/G5LYDTLuQaiyTj3Pz:CyyHetzEGSm3
Static task
static1
Behavioral task
behavioral1
Sample
NEAS.e073d13582d3087a8c983ff36b39ceb0e9ed136bbef1177a54c227fa242ef0fd.exe
Resource
win10v2004-20231023-en
Malware Config
Extracted
redline
taiga
5.42.92.51:19057
Targets
-
-
Target
NEAS.e073d13582d3087a8c983ff36b39ceb0e9ed136bbef1177a54c227fa242ef0fd.exe
-
Size
917KB
-
MD5
ffde7377c5bb70e8cd95e49ed0f3a1ff
-
SHA1
7082039bc2193c9fdd860efcbc81b4d68735318e
-
SHA256
e073d13582d3087a8c983ff36b39ceb0e9ed136bbef1177a54c227fa242ef0fd
-
SHA512
ddf08217a277b0d75b24a0229f5066b64ec28fdbe849365626d1de09ab2ab9fa11610ddee4ab204521ae173474853639411f2146abf007639e4f16a001dc6a0d
-
SSDEEP
24576:3yySPF+aeuIsKC/G5LYDTLuQaiyTj3Pz:CyyHetzEGSm3
-
Detect Mystic stealer payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Executes dropped EXE
-
Adds Run key to start application
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext
-