Extracted

• • Target

    6b362b2e24b31baf1345b1510806cdd4ac3af1ad704881421ceae5360312eed8.exe

  • Size

    917KB

  • MD5

    c40276ad0eb1038cd024c5e4babcf263

  • SHA1

    350dc700c78effca3ad37c1020de1ed28e80e052

  • SHA256

    6b362b2e24b31baf1345b1510806cdd4ac3af1ad704881421ceae5360312eed8

  • SHA512

    b2adfdea23fbddaf31101a3daeab1befbb342bcc4c7be75528f6052b6c5c14d5c323345a0ca00f21e7d663198964201a8af0bce37840a5b24a2f07c8efb60306

  • SSDEEP

    24576:iy0ePFmaeuIsGC/GzLYDLffac1GNhp0ceplJ:J3etBEG4iPfp0Fl

  Score

  10^/10

  mysticredlinetaigapaypalinfostealerpersistencephishingstealer

  • Detect Mystic stealer payload

  • Mystic

    Mystic is an infostealer written in C++.

    stealermystic

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • AutoIT Executable

    AutoIT scripts compiled to PE executables.

  • Detected potential entity reuse from brand paypal.

    phishingpaypal

  • Suspicious use of SetThreadContext

  behavioral1