Extracted

Extracted

• • Target

    5b2c2ea338d66d44bb85255778ab29baa28d224601564b78248529a6a9f676fa

  • Size

    907KB

  • MD5

    3f499a1933024166466a48c80ea6de27

  • SHA1

    ca25d4bf7c2bdd0fe452332e7eed098946b18996

  • SHA256

    5b2c2ea338d66d44bb85255778ab29baa28d224601564b78248529a6a9f676fa

  • SHA512

    532216c4d2a7b7cc664e2fb187c7639e41d03afc131f3aff76288e7f2974ab0cc19a29e3705a45860cdcbf1c2f48552280d82228c7fb242a64a47c4c202bb807

  • SSDEEP

    24576:RyraXEXASfGulWICYPf9nC+rouv47jeM+5DnTY9uz:EraEjG4WI339P6/ejY9u

  Score

  10^/10

  mysticpersistencestealerredlineluateinfostealer

  • Detect Mystic stealer payload

  • Mystic

    Mystic is an infostealer written in C++.

    stealermystic

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2