General

Target: NEAS.0d72f00195531961afb7f8503e4d958638db654537f09a9239c64427bdc0d7a7.exe
Size: 522KB
Sample: 231111-mnfqfadf7x
MD5: 8c1baa8bea7fd113ff351ead4d6b5291
SHA1: 43c9e99978d00c3959c36c30976296ffd9fdb70e
SHA256: 0d72f00195531961afb7f8503e4d958638db654537f09a9239c64427bdc0d7a7
SHA512: 5359041ecab6b75773db47b3ff620da50bd1f42c241092d5261ffef135cd54d42f8ce7d9a9590d64b7d78ca97ec768ae4f8d24cac0f5a0ed522415ae823095b6
SSDEEP: 12288:0MrFy90XU5ZTbS4UFcZRS5I84Bh9M6bJF:5yd3S42ceT4ZXJF
Static task: static1
Behavioral task: behavioral1
Sample: NEAS.0d72f00195531961afb7f8503e4d958638db654537f09a9239c64427bdc0d7a7.exe
Resource: win10v2004-20231023-en

Malware Config (Extracted)

Family: redline
Botnet: taiga
C2: 5.42.92.51:19057
Targets

Target: NEAS.0d72f00195531961afb7f8503e4d958638db654537f09a9239c64427bdc0d7a7.exe
Size: 522KB
MD5: 8c1baa8bea7fd113ff351ead4d6b5291
SHA1: 43c9e99978d00c3959c36c30976296ffd9fdb70e
SHA256: 0d72f00195531961afb7f8503e4d958638db654537f09a9239c64427bdc0d7a7
SHA512: 5359041ecab6b75773db47b3ff620da50bd1f42c241092d5261ffef135cd54d42f8ce7d9a9590d64b7d78ca97ec768ae4f8d24cac0f5a0ed522415ae823095b6
SSDEEP: 12288:0MrFy90XU5ZTbS4UFcZRS5I84Bh9M6bJF:5yd3S42ceT4ZXJF
Score: 10/10

Signatures

- Detect Mystic stealer payload
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Checks computer location settings: looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of SetThreadContext