Extracted

• • Target

    05b47b8ddfbc800b01b50657de1f4afa12f8403ee179ea1c880c9a6760a76fea

  • Size

    1.5MB

  • MD5

    0ea847cec8b85577102a4ebc11930750

  • SHA1

    24a69022d8a31c2c64328f2774e60e10569d8f16

  • SHA256

    05b47b8ddfbc800b01b50657de1f4afa12f8403ee179ea1c880c9a6760a76fea

  • SHA512

    d58c4e092897a89b98e78cd0d9d418f2d38ca3684a854eee29b161db6e018ea255a0532db2e1c56a01e62e522b369cd8fbe2af34e72c3cfc778d5ca0439232c0

  • SSDEEP

    24576:Jyqg4L3o5NRR7qDwrnuqHzSuJR1nejjjGU8voqT8ZGSC3:8xYg7qDAhzSmnEWUmT8ZG

  Score

  10^/10

  mysticpersistencestealerredlinegigantinfostealer

  • Mystic

    Mystic is an infostealer written in C++.

    stealermystic

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2