Extracted

Extracted

• • Target

    3156e51cd589b517f3ab0abd460b6d63ed526a8018d5f107fb2be4c1facb782a_JC.exe

  • Size

    1.6MB

  • MD5

    1f7d9f971a84228d4622902c235efbad

  • SHA1

    757dde0492a3dfafa9a56e27b4fe8499340fef56

  • SHA256

    3156e51cd589b517f3ab0abd460b6d63ed526a8018d5f107fb2be4c1facb782a

  • SHA512

    8968f1f80129fd70b7aea4f09a2a215a07291610eca665af9850426e1fb14213313f78b03c4cbe0ad8678be731e034106fab0f5b038755dd9a866039e05323b4

  • SSDEEP

    24576:syjMMZkOVawpplkGzb4EkBsS9rtiOz9V4zg1vU1Zepmy6bUvGrLMSUT9UNI:byYaV5LBntiIPGgO+0HG6LUT9UN

  Score

  10^/10

  mysticpersistencestealerredlinegigantinfostealer

  • Detect Mystic stealer payload

  • Mystic

    Mystic is an infostealer written in C++.

    stealermystic

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2