Extracted

• • Target

    18081fb12014cbf76301fd7613bd52cbb7cf155b70c65cf8c5d886647e35ef6b

  • Size

    1.1MB

  • MD5

    26a48a9ee2b814fd5f8e2e6ed4383d6b

  • SHA1

    3c4537353282ab8346b1bf9baec7ae7c8a483bc5

  • SHA256

    18081fb12014cbf76301fd7613bd52cbb7cf155b70c65cf8c5d886647e35ef6b

  • SHA512

    ead0fb2e9fd205349e36f09bd6c9fb2d5604996fcd9dda19ce85ddc4b05478fb3a84e56d806edb82c04237aa87fb8213cb30060baff309f4be5755ac168658dc

  • SSDEEP

    24576:vypN5jo7+oWXcwgPnsgV5nQUFpRC/W/m75hKn310VVLzTwuwHrAfz:6pNmbWXcwgPndxmey/K31mVXkt

  Score

  10^/10

  mysticredlinetaigaevasioninfostealerpersistencespywarestealertrojan

  • Detect Mystic stealer payload

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • Mystic

    Mystic is an infostealer written in C++.

    stealermystic

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • .NET Reactor proctector

    Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

  • Executes dropped EXE

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1