General
Target: NEAS.b2cc7177962605348c378a59f8e07ab0.exe
Size: 419KB
Sample: 231116-13qqvaac7z
MD5: b2cc7177962605348c378a59f8e07ab0
SHA1: 8e4629b44e0fead30bdcbb058a4ddb063f73e158
SHA256: 13e8bcc1746a867d5fffce461395b52430a9294ecc0b29090330165cc826dd5b
SHA512: bd61ca2cff2b1ca5d692739c39ae9fae96c27309584ecd19654ee47b2e9fd77e35f6da27900b55136261c0600d96420b2a04ccf15de81fd2c3fe4151238346ab
SSDEEP: 6144:Kuy+bnr+4p0yN90QEPoenhu9LDu++iMxY4jVaQD0bP/r9nFS6ssV35N/+xJVy:WMrwy90Jn04hzVaQD0bpDsi5B+xJVy
Static task: static1
Behavioral task: behavioral1
Sample: NEAS.b2cc7177962605348c378a59f8e07ab0.exe
Resource: win10v2004-20231020-en
Malware Config
Extracted
Family: redline
Botnet: taiga
C2: 5.42.92.51:19057
Targets
Target: NEAS.b2cc7177962605348c378a59f8e07ab0.exe
Size: 419KB
MD5, SHA1, SHA256, SHA512, SSDEEP: identical to the values listed under General above (same file).
Score: 10/10
Signatures:
Detect Mystic stealer payload
RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Executes dropped EXE
Adds Run key to start application (persistence through a registry Run key)
Suspicious use of SetThreadContext (an API commonly used to redirect execution in another process during injection)
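Added example, not part of the sandbox report or of its tooling: a small Python hunt that checks Sysmon-style process-creation, registry-set and network-connection events against the indicators in this report (the sample's MD5/SHA256, the Run key behaviour, and the 5.42.92.51:19057 C2). The event lines are constructed for illustration, the single-line key=value layout is an assumption, and the Sysmon field names (Image, Hashes, TargetObject, Details, DestinationIp, DestinationPort) are the real ones.

```python
"""Hunt for this report's indicators in Sysmon-style events.

Added example, not part of the sandbox report. The log lines are constructed
for illustration; the hash and C2 values are copied from the report."""
import re

# Indicators copied from the report above.
SAMPLE_MD5 = "b2cc7177962605348c378a59f8e07ab0"
SAMPLE_SHA256 = "13e8bcc1746a867d5fffce461395b52430a9294ecc0b29090330165cc826dd5b"
C2_IP, C2_PORT = "5.42.92.51", "19057"

# Registry path behind the "Adds Run key to start application" signature
# (RunOnce included, since it serves the same purpose).
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE
)

# Sysmon-style space-separated key=value fields. Values (paths) may contain
# spaces, so a value extends until the next " key=" token or end of line.
FIELD_RE = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")

# Constructed sample telemetry (Sysmon event IDs 1, 13 and 3); not real logs.
SAMPLE_LOG = r"""
EventID=1 Image=C:\Users\victim\Downloads\NEAS.b2cc7177962605348c378a59f8e07ab0.exe Hashes=MD5=b2cc7177962605348c378a59f8e07ab0,SHA256=13e8bcc1746a867d5fffce461395b52430a9294ecc0b29090330165cc826dd5b ParentImage=C:\Windows\explorer.exe
EventID=13 Image=C:\Users\victim\Downloads\NEAS.b2cc7177962605348c378a59f8e07ab0.exe TargetObject=HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Updater Details=C:\Users\victim\AppData\Roaming\updater.exe
EventID=3 Image=C:\Users\victim\AppData\Roaming\updater.exe DestinationIp=5.42.92.51 DestinationPort=19057 Protocol=tcp
EventID=3 Image=C:\Program Files\Mozilla Firefox\firefox.exe DestinationIp=203.0.113.5 DestinationPort=443 Protocol=tcp
""".strip()


def parse_event(line: str) -> dict:
    """Turn one 'EventID=3 Image=... DestinationIp=...' line into a dict."""
    return {key: value for key, value in FIELD_RE.findall(line)}


def parse_hashes(field: str) -> dict:
    """Sysmon Hashes field 'MD5=...,SHA256=...' -> {'MD5': ..., 'SHA256': ...}."""
    return dict(part.split("=", 1) for part in field.split(",") if "=" in part)


def classify(event: dict) -> list:
    """Return the report signatures a single event matches (possibly none)."""
    hits = []
    event_id = event.get("EventID")
    if event_id == "1":  # process creation: match the sample by hash
        hashes = parse_hashes(event.get("Hashes", ""))
        if (hashes.get("SHA256", "").lower() == SAMPLE_SHA256
                or hashes.get("MD5", "").lower() == SAMPLE_MD5):
            hits.append("known RedLine sample executed")
    elif event_id == "13":  # registry value set: Run key persistence
        if RUN_KEY_RE.search(event.get("TargetObject", "")):
            hits.append("Run key persistence: " + event.get("Details", "?"))
    elif event_id == "3":  # network connection: match destination, not image
        if event.get("DestinationIp") == C2_IP and event.get("DestinationPort") == C2_PORT:
            hits.append("connection to RedLine C2 (botnet taiga)")
    return hits


def scan(log_text: str) -> list:
    """Scan a log blob; return (line_number, finding) pairs in log order."""
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), 1):
        if line.strip():
            findings.extend((line_no, hit) for hit in classify(parse_event(line)))
    return findings


if __name__ == "__main__":
    for line_no, finding in scan(SAMPLE_LOG):
        print(f"line {line_no}: {finding}")
```

The network check deliberately keys on the destination rather than on the image name: with the SetThreadContext signature above, the C2 traffic may originate from an injected host process, not from the dropped executable itself.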