General
Target: NEAS.7011baaee0cf94f06cf89fd2672f6d3e0a304abd72324532cc4e871326395391.exe
Size: 1.3MB
Sample: 231111-mnwfwsee97
MD5: 1479ee68750242f019956fd3443e761a
SHA1: 8253aebd1a754172c192e1e9ffd1d5e7a9af4ea7
SHA256: 7011baaee0cf94f06cf89fd2672f6d3e0a304abd72324532cc4e871326395391
SHA512: 164f9acc32622d68033454087ef21e3101e02d938f82c3b7c993ded4624d469604372c8b339539c852c85f7dde2fe05ba6298aec1fb699ef768e765562b0b03b
SSDEEP: 24576:3y3B0B/2xS0WWvaeoIs2CFG0pYDNQcrc/0a2ODjjIN3JvMeZKMGeWgfXr2:C3KQIfe/16GD9c8ODjc35MeZR
Static task: static1
Behavioral task: behavioral1
Sample: NEAS.7011baaee0cf94f06cf89fd2672f6d3e0a304abd72324532cc4e871326395391.exe
Resource: win10v2004-20231025-en
Malware Config
Extracted: redline (taiga, 5.42.92.51:19057)
Targets
Target: NEAS.7011baaee0cf94f06cf89fd2672f6d3e0a304abd72324532cc4e871326395391.exe
- Detect Mystic stealer payload
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Adds Run key to start application
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext