General
Target: NEAS.bfe031c2c1494621564ade351ecd68c76632c6b42bae7e12e6225cb4df5440c3.exe
Size: 1.3MB
Sample: 231111-mn6a4adf8y
MD5: 7b69a1e71b3535c039ba22cdb40afd67
SHA1: 3dbe9fbfff4731c66fcafecbb1f71f834febbf27
SHA256: bfe031c2c1494621564ade351ecd68c76632c6b42bae7e12e6225cb4df5440c3
SHA512: fa83d1e9460f134e1626afb73177aa7eb077d1d3822a72d47c02cabd820b29914a89b7bcd3cc59bdc4629b9a45fa4d7a531988c48fc9c44a8fc6e76fc699f8c6
SSDEEP: 24576:Oy9r4X0FW+M1KCae9IsNCwGzfZDMz3WTOkXSOQr5S4r8eLNLan:d9r4X0WgLeuybGtYIOiSp558SLa
Static task: static1
Behavioral task: behavioral1
Sample: NEAS.bfe031c2c1494621564ade351ecd68c76632c6b42bae7e12e6225cb4df5440c3.exe
Resource: win10v2004-20231025-en
Malware Config
Extracted
Family: redline
Botnet: taiga
C2: 5.42.92.51:19057
Targets
Target: NEAS.bfe031c2c1494621564ade351ecd68c76632c6b42bae7e12e6225cb4df5440c3.exe
Signatures
- Detect Mystic stealer payload
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext