Extracted

• • Target

    82edbc5dd9d64f648679e486c39ec1a7adbd32b13b7ad7af21efa2608a87178e

  • Size

    1.1MB

  • MD5

    127d7122e2d4550e0a7bfeb19ed0b711

  • SHA1

    464458bb7f20015cbc37ca6459f680360f4ef170

  • SHA256

    82edbc5dd9d64f648679e486c39ec1a7adbd32b13b7ad7af21efa2608a87178e

  • SHA512

    cc785bc68d110fdd2c2a2452970cb57d2d96277e47794909e5ba3e364a4c0030f11caa4316ceed6367aa5ee72958d104f0c5f4f947c455357237ddff168bb446

  • SSDEEP

    24576:LyyDG1vWvnHfIDvZF+55rfzZY2mb3OuFxpVqGJG4S/sj1PZVsEQ8q:+yDG1vwn/IbjV3OuFxpXA4SUj1PZVv/

  Score

  10^/10

  mysticredlinetaigaevasioninfostealerpersistencespywarestealertrojan

  • Detect Mystic stealer payload

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • Mystic

    Mystic is an infostealer written in C++.

    stealermystic

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • .NET Reactor proctector

    Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

  • Executes dropped EXE

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1