Extracted

• • Target

    722b697b069f14055f310f1fce742889c4207dea00f0cb912a4d105c1403f72e.exe

  • Size

    918KB

  • MD5

    a13c2608bc3f12fa340363e5ee8209f6

  • SHA1

    e38c4caa67fae600467638d6277f52c5b1dc3113

  • SHA256

    722b697b069f14055f310f1fce742889c4207dea00f0cb912a4d105c1403f72e

  • SHA512

    ab28506e4c42ac98bb45ea598bb455d8aaafabf57d1fad610ddae4c262d37db9bb9ce99ec3fd364442c509b08f7ae34259b17667ac8154aaa21af17be6915cb7

  • SSDEEP

    24576:Ny+vp1sN5/haeuIs6C/GVLYDDg3DZCSC8bL8:odN50et7EGuED0cL

  Score

  10^/10

  mysticredlinetaigapaypalinfostealerpersistencephishingstealer

  • Detect Mystic stealer payload

  • Mystic

    Mystic is an infostealer written in C++.

    stealermystic

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • AutoIT Executable

    AutoIT scripts compiled to PE executables.

  • Detected potential entity reuse from brand paypal.

    phishingpaypal

  • Suspicious use of SetThreadContext

  behavioral1