Extracted

• • Target

    b03b503a0c971f9e0fd75d3864b811145e79187eeb7e0fc2ba46e2062adf9381

  • Size

    1.1MB

  • MD5

    cdb281a8f0cdeeb0c36b07f9eb3f5d38

  • SHA1

    e3206b7483186fed5c7d8ab4dcf507f8431b392d

  • SHA256

    b03b503a0c971f9e0fd75d3864b811145e79187eeb7e0fc2ba46e2062adf9381

  • SHA512

    d347e95152c1ddfca12f01790b525bbece977e9997f7e6489396f40d6dedf11ae46bd0255d2d6a1f361764bd4410f32955c48b38225ffd34204563c8210edb02

  • SSDEEP

    24576:NySjnNklu2oGQA0QORLjvLz0N9LhdBZL8VLvD3TCqy:oGNkc5JfjK3/l8VLvbTB

  Score

  10^/10

  mysticredlinegendainfostealerpersistencestealer

  • Mystic

    Mystic is an infostealer written in C++.

    stealermystic

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1