Extracted

Extracted

• • Target

    6d9b4a93f740f8bfcb75f34163e4a8e5eba03c0a61b187c356011f7f367246d4.exe

  • Size

    1.0MB

  • MD5

    0fc9cee6808909feddf5c8e4e30c7abb

  • SHA1

    e7498be8807c91714ebcd30d698e3ea0670ef6cb

  • SHA256

    6d9b4a93f740f8bfcb75f34163e4a8e5eba03c0a61b187c356011f7f367246d4

  • SHA512

    80eb9a7ec6826b949b76d5e24200418647e86fecf6144900e900983f50c6502fc32fc1d90b577e27dab7ed2f2e6625ec6326f690c4ab17905ac46b2469b46353

  • SSDEEP

    24576:8ygbPFjq6/rtm4RLWdXuFFFymJ5throrhUniYRHA:rgbPRq6ztxS0b/vrDnBR

  Score

  10^/10

  mysticredlinesmokeloaderbrehabackdoorevasioninfostealerpersistencestealertrojan

  • Detect Mystic stealer payload

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • Mystic

    Mystic is an infostealer written in C++.

    stealermystic

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1