Extracted

• • Target

    NEAS.7da733f143c45f0b42d304e48be8fa55d34fdd279b5efd02ed1d34a5553c50ed.exe

  • Size

    1.3MB

  • MD5

    e589ae5fd4bbfdde8a7868a1f1811bfc

  • SHA1

    272c86c0917fdd8c97312b26a678cb1399cd960d

  • SHA256

    7da733f143c45f0b42d304e48be8fa55d34fdd279b5efd02ed1d34a5553c50ed

  • SHA512

    b8a6ba8cd3ac3aff86cb01e6a5d83c55d47ca4163cfc899676d0a5cb7af9812d4ec352fd74ae61895e7dc4fe4ab0f047e803312a1d4985399c36b14de9d3cc7c

  • SSDEEP

    24576:jyk86q1OCIRXKaeUIsACyGVRODjipvFFkC8gx1R/NjOze+n/5Nzriipjng3:216UijezxNGSSnpvR/Njp+vz7pE

  Score

  10^/10

  mysticredlinetaigainfostealerpersistencestealer

  • Detect Mystic stealer payload

  • Mystic

    Mystic is an infostealer written in C++.

    stealermystic

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • AutoIT Executable

    AutoIT scripts compiled to PE executables.

  • Suspicious use of SetThreadContext

  behavioral1