Extracted

• • Target

    9e42b2d19cddfe0c5ad7368ddb6a7b9464bfaa775b953a1c861646580c3a4322

  • Size

    1.3MB

  • MD5

    c5758ef1a9a1f6af05692bf6e799745c

  • SHA1

    c813e67f24055c0cf632780869990ab9491b7fbd

  • SHA256

    9e42b2d19cddfe0c5ad7368ddb6a7b9464bfaa775b953a1c861646580c3a4322

  • SHA512

    b6e19a71c3d7cb6d9ac65f2615334b79c6fa2ba6b12e38149c75f3c05f5fdb849a1439ae931196dc2792c6946398650c2b84fbfa9cb77f45f11f35814cf0162f

  • SSDEEP

    24576:eysEH6W1mdaRWZpaevIsBCfG6+5DLoywr+e7ANGFuSx23F:tcGmdjEeAuyGX3oywr+CA6r23

  Score

  10^/10

  mysticredlinetaigainfostealerpersistencespywarestealer

  • Detect Mystic stealer payload

  • Mystic

    Mystic is an infostealer written in C++.

    stealermystic

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • AutoIT Executable

    AutoIT scripts compiled to PE executables.

  • Suspicious use of SetThreadContext

  behavioral1