Extracted

• • Target

    def33a91cb94ced66cbd04f2a83c4aabe7674965f00e572e31eeeeae5009d8e9

  • Size

    2.5MB

  • MD5

    0e356f9957dcbb263d76ef5c2a9b87c1

  • SHA1

    65145b4c61773a6964a4022640f536d4dfe99a1f

  • SHA256

    def33a91cb94ced66cbd04f2a83c4aabe7674965f00e572e31eeeeae5009d8e9

  • SHA512

    981779c8cd0fbd8a047306d18e8e0b0e31b6f08061cdcc37093acf5d787b6fac759c6d1e3bd36e5a868cacaa51239c8a503cd5146af21253bbbfa16bdde4d830

  • SSDEEP

    49152:1BtzA0pHxVmkv6a3vMVuQeZ3kKnvf5x18:1BtzCkCRoQERvf5

  Score

  10^/10

  mysticredlineramoninfostealerpersistencestealer

  • Detect Mystic stealer payload

  • Mystic

    Mystic is an infostealer written in C++.

    stealermystic

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2