General
Target: NEAS.913728936f5ac2d55ab9e59642a198e7f1d0b585b6fc5153c757823c8dc11aba.exe
Size: 511KB
Sample: 231111-mlny2aee76
MD5: 67973a4dbb80488e677a7ef6b9b43891
SHA1: 22fa72eea56b96651ced1c1bb3b0afb7e39977ce
SHA256: 913728936f5ac2d55ab9e59642a198e7f1d0b585b6fc5153c757823c8dc11aba
SHA512: 8f9abad6bd739ae176853e28105e2d01fc2e4169f53fd5843436eba1fb4cb70ddc464679051cf5ec511d98dcc0fdfe604ccb1fdf678cd0413bdec0fc3e41eb9c
SSDEEP: 12288:5MrZy90AZmaqv7TVY8TUs2eu1+4+wSRiFpUA9pHi:gyBNwYSz2euoUS8zUAq
Static task: static1
Behavioral task: behavioral1
Sample: NEAS.913728936f5ac2d55ab9e59642a198e7f1d0b585b6fc5153c757823c8dc11aba.exe
Resource: win10v2004-20231020-en
Malware Config (extracted)
redline
taiga
5.42.92.51:19057
Targets
Target: NEAS.913728936f5ac2d55ab9e59642a198e7f1d0b585b6fc5153c757823c8dc11aba.exe
Size: 511KB
MD5: 67973a4dbb80488e677a7ef6b9b43891
SHA1: 22fa72eea56b96651ced1c1bb3b0afb7e39977ce
SHA256: 913728936f5ac2d55ab9e59642a198e7f1d0b585b6fc5153c757823c8dc11aba
SHA512: 8f9abad6bd739ae176853e28105e2d01fc2e4169f53fd5843436eba1fb4cb70ddc464679051cf5ec511d98dcc0fdfe604ccb1fdf678cd0413bdec0fc3e41eb9c
SSDEEP: 12288:5MrZy90AZmaqv7TVY8TUs2eu1+4+wSRiFpUA9pHi:gyBNwYSz2euoUS8zUAq
Score: 10/10
- Detect Mystic stealer payload
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext