Overview

overview

10

Static

static

3

NEAS.e358b...30.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    NEAS.e358b45fd5d749157a0dab83f8487130.exe

  • Size

    400KB

  • Sample

    231118-dwskjabb5v

  • MD5

    e358b45fd5d749157a0dab83f8487130

  • SHA1

    761d0d798b508382d03d6d6bf3282020969c085f

  • SHA256

    980b0532bf7508e78c9ace1ef315105a76ed8dfd6f19d0417c5116cbe94c0fc3

  • SHA512

    5fbe898d6b5836a07bf8fcfed9601f51991275cc5f23690f43c98560a93a89f1942fa0dba39f1a7953afd155e1c68a7b55a90da4e230df797a8e8079c4753c54

  • SSDEEP

    6144:KVy+bnr+Bp0yN90QElMw4UFYvVSlvUdgqA5OLQJHNRjX3a41KSnThPCOgy:PMrVy90/4UF3viS5OL43XKHS9Chy

Score
10/10
mysticredlinetaigainfostealerpersistencestealer

Malware Config

Extracted

Family

redline

Botnet

taiga

C2

5.42.92.51:19057

Targets

    • Target

      NEAS.e358b45fd5d749157a0dab83f8487130.exe

    • Size

      400KB

    • MD5

      e358b45fd5d749157a0dab83f8487130

    • SHA1

      761d0d798b508382d03d6d6bf3282020969c085f

    • SHA256

      980b0532bf7508e78c9ace1ef315105a76ed8dfd6f19d0417c5116cbe94c0fc3

    • SHA512

      5fbe898d6b5836a07bf8fcfed9601f51991275cc5f23690f43c98560a93a89f1942fa0dba39f1a7953afd155e1c68a7b55a90da4e230df797a8e8079c4753c54

    • SSDEEP

      6144:KVy+bnr+Bp0yN90QElMw4UFYvVSlvUdgqA5OLQJHNRjX3a41KSnThPCOgy:PMrVy90/4UF3viS5OL43XKHS9Chy

    Score
    10/10
    mysticredlinetaigainfostealerpersistencestealer

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

      stealermystic

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Executes dropped EXE

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks