General
- Target: NEAS.8051c416748df9a755f444b438641086e67f484bd1e5f61f8b441a938f8bb8cc.exe
- Size: 918KB
- Sample: 231111-mpdbpsdf9w
- MD5: 9d4790e6ac2f2694bf319a95b04a99ab
- SHA1: 2fd546f458635bbbda5936f9813ee78c67d05ec0
- SHA256: 8051c416748df9a755f444b438641086e67f484bd1e5f61f8b441a938f8bb8cc
- SHA512: 33c6f653694dcc74cd8f05459cda7dbf2a9ad145157990b9006acf4ee572a6dfd64c71180053c874f44d4ef342ad1ca81648d2c832e7b673ac55a72b250070d8
- SSDEEP: 12288:nMr8y90OBDSSvFip42aex4IC5ipCPHGBLPLvTMXiYQTDoPASBqGt0o8dfW2tPdD3:XyfBvCaeuIseC/GZLYDrJV8xWqdX3D
Static task: static1
Behavioral task: behavioral1
- Sample: NEAS.8051c416748df9a755f444b438641086e67f484bd1e5f61f8b441a938f8bb8cc.exe
- Resource: win10v2004-20231023-en

Malware Config
Extracted
- redline
- taiga
- 5.42.92.51:19057
Targets
- Target: NEAS.8051c416748df9a755f444b438641086e67f484bd1e5f61f8b441a938f8bb8cc.exe
- Detect Mystic stealer payload
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext