Extracted

• • Target

    NEAS.691b962af15936456c9f97a6aca492e4ca229899b68ca4b3517ab42b8f7a0594.exe

  • Size

    522KB

  • MD5

    7537c3ebfeb1f256894ec554d8503b57

  • SHA1

    e6e315efb32712299144b64845bc82076da02df0

  • SHA256

    691b962af15936456c9f97a6aca492e4ca229899b68ca4b3517ab42b8f7a0594

  • SHA512

    557af935244a3595f56697e5726ede242a72b78f0c7a83ddf4540d537d9c9afab0bed87d3d64bff07ca77f8243cca7f0a2b1de1285c7d1e09723a7222d6b81a2

  • SSDEEP

    12288:KMrly90wwkQjMS6ckV5RXnhN3QFhqAePmjFISFazxB:Py8johV5RYF3ePmCQa1B

  Score

  10^/10

  mysticredlinetaigainfostealerpersistencestealer

  • Detect Mystic stealer payload

  • Mystic

    Mystic is an infostealer written in C++.

    stealermystic

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1