Extracted

• • Target

    cdd1a000b61f4c2aa8e9fa390888d4de06ae7a9facc6110fe23bdfa17ceecd03

  • Size

    2.5MB

  • MD5

    ad8dbb2fbd748703ce43b544ac075c79

  • SHA1

    a21a15ea0f6097f922fcc7dc9b47008b22678d2f

  • SHA256

    cdd1a000b61f4c2aa8e9fa390888d4de06ae7a9facc6110fe23bdfa17ceecd03

  • SHA512

    01c3a388acea428b5db2b7c0e722f9897cead4e247af0994a2f82ce9d0df648a824da11646bd40b9d17743e5428e8a95ff30fc8ddebe2cbca798c5fe46155d9b

  • SSDEEP

    49152:elMtyQ3eJziMp6a3v4SwjpmYiu5qeDwtTy:elMtLMQE2pmYHweDwt

  Score

  10^/10

  mysticredlineramoninfostealerpersistencestealer

  • Detect Mystic stealer payload

  • Mystic

    Mystic is an infostealer written in C++.

    stealermystic

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2