Extracted

• • Target

    c4112ebe1f8d2b3167172d3fc7c5a18a2253e22052376e32c00f20d04d677840

  • Size

    1.2MB

  • MD5

    d5955bc329e947f2693e64929dcb8d80

  • SHA1

    3cce5cfe424f46443155164b54b4d8c78e04f6ca

  • SHA256

    c4112ebe1f8d2b3167172d3fc7c5a18a2253e22052376e32c00f20d04d677840

  • SHA512

    f0b39857c62268e4645c925521ef6025c857a4a1bfc17f894b0e4c8702fbd88ecaaaefc2a7e71c4a2a46bc2e281da27073055c4106b0769d27bfe2b5055b3c71

  • SSDEEP

    24576:iyxZbeQt2LUo0pWqnUJ6zlrnFpsXNfYbirc:JPeZd0XnYUrn7G

  Score

  10^/10

  mysticredlinetaigadiscoveryinfostealerpersistencespywarestealer

  • Detect Mystic stealer payload

  • Mystic

    Mystic is an infostealer written in C++.

    stealermystic

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1