Extracted

• • Target

    1125e7c42bc7ca7a0f58a39b1d2c0cd8d3d91da36fc9b197472f56126639052d

  • Size

    889KB

  • MD5

    9689f25bb0de435511f15d9c3cb39a87

  • SHA1

    136a1bd76b3d83c2971257aad7ced648d680054b

  • SHA256

    1125e7c42bc7ca7a0f58a39b1d2c0cd8d3d91da36fc9b197472f56126639052d

  • SHA512

    befdbca89b1f9aa1f70d41865dc64d2974e9c111e7b8309e629b7f3d427593a93ecd610e1302a82a16dee56b2203753f56a9c4cbc9dcb0e41ad69380f4a8d345

  • SSDEEP

    24576:fyqLl/UZZKw+TmmNyWcLOz7rQ/8HEz2B/6P/KDM:qqLl/CcFNjcLOQ8HEz2EP/KD

  Score

  10^/10

  mysticredlinetaigainfostealerpersistencespywarestealer

  • Detect Mystic stealer payload

  • Mystic

    Mystic is an infostealer written in C++.

    stealermystic

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1