General
- Target: NEAS.d4313baf6018d4f453524a8406ee31022f451cf1c05b6c7ad0dce7a5954217e2.exe
- Size: 917KB
- Sample: 231111-mnnq2sdf8v
- MD5: fa9bbec8337f2a15c9aa1599300370ad
- SHA1: aeb714ec3d0c6ffe8ceba5686b0346d86e17893b
- SHA256: d4313baf6018d4f453524a8406ee31022f451cf1c05b6c7ad0dce7a5954217e2
- SHA512: b070e16f5917ac76ea4ff6e6f4fc900cb68095f4ba13b0cfbacc1e92eef850f6fa0cf77aded69c8f658c08e2e0b2cbf2fd93e2ce3e2ce43e3c2536ddceef9bf7
- SSDEEP: 24576:lyRp4a5waeuIsyC/GXLYDXt0/sYSuvLm8pYs:ARpNJet9EG8K0YVqF
Static task: static1
Behavioral task: behavioral1
- Sample: NEAS.d4313baf6018d4f453524a8406ee31022f451cf1c05b6c7ad0dce7a5954217e2.exe
- Resource: win10v2004-20231020-en
Malware Config
Extracted
redline
taiga
5.42.92.51:19057
Targets
Score: 10/10
- Detect Mystic stealer payload
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext