Extracted

• • Target

    7e390ca86f3a591a740e6aed05214cf75773e0d38dd70fd194fe26f12e876123.exe

  • Size

    1.3MB

  • MD5

    0c5b40fbabd22d7b3717286e6e4df432

  • SHA1

    9b8b2a417cf31a3e0d7ee5cde763e89a7c1ae296

  • SHA256

    7e390ca86f3a591a740e6aed05214cf75773e0d38dd70fd194fe26f12e876123

  • SHA512

    d0b3396649579d4ed53d7c57681511b4b23ee7d3f239dd345a8acddd9ace633bc91e6e710c0c2c08aab8d963727b47c14b011a1e89e65303c990203477c04c67

  • SSDEEP

    24576:myCw54TPgJzCJaeaIsUCCGpAfDoEMD+S97T6F6B0E/OVWoDn5Ektgu6WG:1CsukehJxGI03l97T067mWoDttH

  Score

  10^/10

  mysticredlinetaigapaypalinfostealerpersistencephishingspywarestealer

  • Detect Mystic stealer payload

  • Mystic

    Mystic is an infostealer written in C++.

    stealermystic

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • AutoIT Executable

    AutoIT scripts compiled to PE executables.

  • Detected potential entity reuse from brand paypal.

    phishingpaypal

  • Suspicious use of SetThreadContext

  behavioral1