Extracted

• • Target

    728f1a1fe298dc24919c7f444a9e1b6cfefc2228a403caea5cb2d0cd9552d156

  • Size

    742KB

  • MD5

    cfc8037ccedcba501d73d647ea9dafd5

  • SHA1

    cf02c7c68813f6f14a1ce73ddb4145a2bd4ef322

  • SHA256

    728f1a1fe298dc24919c7f444a9e1b6cfefc2228a403caea5cb2d0cd9552d156

  • SHA512

    18368bc0cc64d9933b542d84bda23e045464ec1299729845b0e57c48358669e639faf6a29c34f74598ce2bbd170423cf5e69fd1966a54fa52388ca6ec5de802a

  • SSDEEP

    12288:8l//yfYb5BIQZVt7QkHLesT5H9smJOYlkoOkL/oQF7V5QIoUE49:ciuBtZcOKsT5dsokoOkL76IoU7

  Score

  10^/10

  mysticredlinemonerinfostealerpersistencestealer

  • Detect Mystic stealer payload

  • Mystic

    Mystic is an infostealer written in C++.

    stealermystic

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2