General

Target: NEAS.feeb4979c5e1cd2496999f380690e6ad6ca8910ca5716a6f0bbe228457fbbbd3.exe
Size: 511KB
Sample: 231111-mnbfqadf7v
MD5: 25dea92baa29c02848355de88eaeb58a
SHA1: 33899e67d4f61fb24b786521b83ceee3822d331b
SHA256: feeb4979c5e1cd2496999f380690e6ad6ca8910ca5716a6f0bbe228457fbbbd3
SHA512: 26e4cf611bd7eaa955608ea108361bd513b51e308d0699b78a91b49960282b823724b78417ba99e12d9a883e884c921799e201f8d00d183f2fff1023f43accec
SSDEEP: 12288:5MrYy904PVwgJdw7rM9LvY8TUs2auB+4+wSR4FhCPqPRqiq/:9yLmYorUvYSz2auUUS6fwqZqiM
Static task: static1

Behavioral task: behavioral1
Sample: NEAS.feeb4979c5e1cd2496999f380690e6ad6ca8910ca5716a6f0bbe228457fbbbd3.exe
Resource: win10v2004-20231020-en
Malware Config

Extracted
Family: redline
Botnet: taiga
C2: 5.42.92.51:19057
Targets

Target: NEAS.feeb4979c5e1cd2496999f380690e6ad6ca8910ca5716a6f0bbe228457fbbbd3.exe
Size: 511KB
MD5: 25dea92baa29c02848355de88eaeb58a
SHA1: 33899e67d4f61fb24b786521b83ceee3822d331b
SHA256: feeb4979c5e1cd2496999f380690e6ad6ca8910ca5716a6f0bbe228457fbbbd3
SHA512: 26e4cf611bd7eaa955608ea108361bd513b51e308d0699b78a91b49960282b823724b78417ba99e12d9a883e884c921799e201f8d00d183f2fff1023f43accec
SSDEEP: 12288:5MrYy904PVwgJdw7rM9LvY8TUs2auB+4+wSR4FhCPqPRqiq/:9yLmYorUvYSz2auUUS6fwqZqiM
Score: 10/10

Signatures

Detect Mystic stealer payload

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine payload

Checks computer location settings
Looks up the country code configured in the registry, likely a geofence.

Executes dropped EXE

Adds Run key to start application

Suspicious use of SetThreadContext