Extracted

• • Target

    NEAS.78c241ee205336f9ce449c104b1ea7608d71c8489aa07f4f55a84ae6d27ce915_JC.exe

  • Size

    1.2MB

  • MD5

    abb7f8218366424a14a301054fc2ed57

  • SHA1

    7f4884c03fa7103606b7ae4e2b90b1d2f133c6de

  • SHA256

    78c241ee205336f9ce449c104b1ea7608d71c8489aa07f4f55a84ae6d27ce915

  • SHA512

    272a0dfe6d314f0c0d11b294e61ca295487883b2efea846182ed486d62463bfa26a315ee964d1591a91bdd69c8118ca5125cec6a1b9ed0fdc20e525a278ef947

  • SSDEEP

    24576:jymuXXxHJ27jd+Rdmkr84+TVkhuBFTj+x3Cmo5bpr1gEJ2:2mun727R+vrr9A+xymGpr1P

  Score

  10^/10

  mysticpersistencestealerredlinegigantinfostealer

  • Detect Mystic stealer payload

  • Mystic

    Mystic is an infostealer written in C++.

    stealermystic

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2