Extracted

• • Target

    6236cf44c07338a74ded96c336ea4ace6ae82d27b8796bc6a046bbd4c2a5f7e7

  • Size

    929KB

  • MD5

    120a44c174787e2468251b13ab4bdfb9

  • SHA1

    a19b8b24353513645712f6d8a863d4a87fdc70be

  • SHA256

    6236cf44c07338a74ded96c336ea4ace6ae82d27b8796bc6a046bbd4c2a5f7e7

  • SHA512

    036ff4f9003bc145fe8ed7336445bc61bbe6b2916851d0264adadba9f733649a774b8465b8b09fea59a6210f7388aa026a6b59b4d38ace9507cb221a15a463f7

  • SSDEEP

    24576:ZyiBy1sjD7ZfxQZ99PazLhvZD1J9U3q2i:MkyGXJxQZrPazFd1JO3V

  Score

  10^/10

  mysticpersistencestealerredlineluskainfostealer

  • Detect Mystic stealer payload

  • Mystic

    Mystic is an infostealer written in C++.

    stealermystic

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2