Extracted

• • Target

    588f0811928f30db1cfe9722406b997e78f04b17c821830a20744b3a5eaf994e

  • Size

    1.3MB

  • MD5

    63c0ad308a8d5febbad72e2c38ac11ab

  • SHA1

    20c3930ff59c0617dcece0baccacc4e1cd0541ee

  • SHA256

    588f0811928f30db1cfe9722406b997e78f04b17c821830a20744b3a5eaf994e

  • SHA512

    195913c40c7e99e2fa9a1c6083583ba5563777ee16089fed19ea87a69b389761a70912e5cc7a705d6f5e3c9a57f12640576abead4d8ad113d44ae72e3659f136

  • SSDEEP

    24576:cy9PClaBocoaexIsyC7Gf0RD6hykP5j2RLDFvBi5N+8yAVSjz:L9PWaBxeqxcGeGh/P5aRfFZQN+8zo

  Score

  10^/10

  mysticredlinetaigapaypalinfostealerpersistencephishingspywarestealer

  • Detect Mystic stealer payload

  • Mystic

    Mystic is an infostealer written in C++.

    stealermystic

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • AutoIT Executable

    AutoIT scripts compiled to PE executables.

  • Detected potential entity reuse from brand paypal.

    phishingpaypal

  • Suspicious use of SetThreadContext

  behavioral1