Extracted

• • Target

    NEAS.04a87b8f058d7530d2e2d860d9792e27ac4a33a3865644f618340a1614a011aa_JC.exe

  • Size

    1.2MB

  • MD5

    7b68089b89d04dd24d22a1332d87cf08

  • SHA1

    66d956dadfe8dc098330dc3ec94a6a625c6a0462

  • SHA256

    04a87b8f058d7530d2e2d860d9792e27ac4a33a3865644f618340a1614a011aa

  • SHA512

    0c1e561ae6e3c4111379c19618bc871c9c12b27ea5d2ae50396682e433e8369a97577e1b5f5ee3816fd2f4dfe2d8f749261a19c4cc20d0c517edfb282b45b592

  • SSDEEP

    24576:dyXzrx5oWmhku7V5d2FZ9+p3tthEEovRH3OIspEK:4XJ5oJhR0Ff+t3EEopeIw

  Score

  10^/10

  mysticpersistencestealerredlinegigantinfostealer

  • Detect Mystic stealer payload

  • Mystic

    Mystic is an infostealer written in C++.

    stealermystic

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2