Extracted

• • Target

    10a7b249bb6251659cfad6b2079b91ba457619002136e9f5737e3b546f0899a4

  • Size

    1.1MB

  • MD5

    2866f5e26a852af515dfb05c87e8c8ec

  • SHA1

    e6e96d20837d36c48d92da52678b988e7aab0d8e

  • SHA256

    10a7b249bb6251659cfad6b2079b91ba457619002136e9f5737e3b546f0899a4

  • SHA512

    44bbe0174932f70c9ff9a8a13ddcc67cf79ad587c091cb054dc68bcafe12389c1c8c2feef34aa620029a9a158e78a64b132aeb87baec1d4d9221559163e9d8bc

  • SSDEEP

    24576:Ty1yppsbsgqmTkts2+6jVqzRHW5NBqYiea87HnZqs5I0Cd0:mVAmTk+2+6jaR2N7a6HZni

  Score

  10^/10

  mysticredlinetaigaevasioninfostealerpersistencespywarestealertrojan

  • Detect Mystic stealer payload

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • Mystic

    Mystic is an infostealer written in C++.

    stealermystic

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • .NET Reactor proctector

    Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

  • Executes dropped EXE

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1