Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

• • Target

    028b2964534ec73672e940b1d39800c01228ab40cfa923a7921d7726c68878a5

  • Size

    364KB

  • MD5

    455347ba3d7b41331dfee6bf9eee794b

  • SHA1

    6b4e14e85ec934c26fda86b0071cc25a1fbb1627

  • SHA256

    028b2964534ec73672e940b1d39800c01228ab40cfa923a7921d7726c68878a5

  • SHA512

    7126814a86b53bca08d83cd552d5dd5c7a2700d76855afb37cb0192ea1e2d2cacd4970df01c4cc53afb53169206a9b0a502e120f227d08d7580e45c555eda933

  • SSDEEP

    6144:Kpy+bnr+Yp0yN90QEcBoxiTwh/qF+XYSMaaXoqLiqWouemwW+oE:DMr4y90y+08qF+XvcoEioXoE

  Score

  10^/10

  mysticpersistencestealer

  • Detect Mystic stealer payload

  • Mystic

    Mystic is an infostealer written in C++.

    stealermystic

  • .NET Reactor proctector

    Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

  • Executes dropped EXE

  • Adds Run key to start application

    persistence
  behavioral1

• • Target

    0ebae60c4738b797211b088ef84ba987010e206b4ac1f1d015c690be92c7aea6

  • Size

    621KB

  • MD5

    71994583d724e9b766bfd6c77cb0b4ec

  • SHA1

    590d62cc692718fc060033759f5baa542b29f78f

  • SHA256

    0ebae60c4738b797211b088ef84ba987010e206b4ac1f1d015c690be92c7aea6

  • SHA512

    e5b2f636942ffc11ac2222247f6974dd1b4907d7e8c0c89b421b5ec00623fefa2b5769ee8ff5df135747100fdfe7ab77b17b3b637b60d177ed660cc4f38db2b8

  • SSDEEP

    12288:tMrYy90Jk8gapGMsd3dp9vSEF6v3wGrcc6ZgdlTvVfo2fREdCaGj:tyx8gaY33j9v76v3wGrr6ZgdlTBFREYh

  Score

  10^/10

  mysticpersistencestealer

  • Detect Mystic stealer payload

  • Mystic

    Mystic is an infostealer written in C++.

    stealermystic

  • .NET Reactor proctector

    Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral2

• • Target

    3ae03a392f3a264a9e73fa7a83c2de0795f5a49d845443f755496373bc4c0dc7

  • Size

    1.2MB

  • MD5

    6a32e4e6c67d0b046997551d5c7c9921

  • SHA1

    404a50c9cd3b1c5482958444fd0a7deb151d4d8f

  • SHA256

    3ae03a392f3a264a9e73fa7a83c2de0795f5a49d845443f755496373bc4c0dc7

  • SHA512

    7f4d7a49e2eafa7e892d39abe01ef93da836aa301ac189dc70da83d0e0c1e96a8a82c37cec9d9913198d7be341f44678bf085e2cd64702a05b5d6a183f713b9f

  • SSDEEP

    24576:8ywErDEFzvX07jZx/ODGxOFD0EkmF6YT/RI/H0Ml:rwcijXsZwSiD0+F6iQ0M

  Score

  10^/10

  mysticredlinekukishinfostealerpersistencestealer

  • Detect Mystic stealer payload

  • Mystic

    Mystic is an infostealer written in C++.

    stealermystic

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Adds Run key to start application

    persistence
  behavioral3

• • Target

    49eb2b419a7fbc0c025450733e242f86ec67d7f11aff4c830eafc3484cd72561

  • Size

    1.1MB

  • MD5

    53b14402f6f3c6a7e9b776cdbd848f24

  • SHA1

    a21f7963102ffd59f8ef81409c1ff21196f23733

  • SHA256

    49eb2b419a7fbc0c025450733e242f86ec67d7f11aff4c830eafc3484cd72561

  • SHA512

    ced638cd3fb951a92def06ea88219731b7ecf7487c3e1a5131767dfbb8a6aadf1a3948a4a498893d848d6c7dc2854e16af00fd94ea83ca085291f5fe2ad9c94d

  • SSDEEP

    24576:Rdwx0OFYmMeTVR4QBIJGjlM24aRokSJY3MagC9:RKxhMeTVRTBTSAH9

  Score

  10^/10

  redlinehordainfostealer

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Suspicious use of SetThreadContext

  behavioral4behavioral5

• • Target

    4bb1d789dfda1e41c8f39182a3f53a19e105cde455b57f94c5c65eb9ffd566b2

  • Size

    781KB

  • MD5

    86aa356413721bac81b78995b7fb3d53

  • SHA1

    15a9cae2c63da99804d66109fcf3fa4766aaec16

  • SHA256

    4bb1d789dfda1e41c8f39182a3f53a19e105cde455b57f94c5c65eb9ffd566b2

  • SHA512

    6618cb638105eaaa4928f93723d3d8c48035ab646b3a0431db12d994a4147a8291a69d2fa4042e98077cfb432ccf1b30ca9775845236e42d15d82982072fd5a8

  • SSDEEP

    12288:uMrgy90WDMPyYiY0NldHSraex4IC5ipCPHGkiPLvTMXiYQ5DsHYhYgig489JoEoL:KyNDMPQ5MaeuIseC/GRLYDOhYSoEI

  Score

  10^/10

  mysticsmokeloaderbackdoorpaypalpersistencephishingstealertrojan

  • Detect Mystic stealer payload

  • Mystic

    Mystic is an infostealer written in C++.

    stealermystic

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • AutoIT Executable

    AutoIT scripts compiled to PE executables.

  • Detected potential entity reuse from brand paypal.

    phishingpaypal

  • Suspicious use of SetThreadContext

  behavioral6

• • Target

    4c0305778b4b02327cc84ac03c05c82f6839ea6dcb28c73b0751b4c168601e7c

  • Size

    1.1MB

  • MD5

    4e9a064fd09528f5303170e09f4a9915

  • SHA1

    660aba6a4f542e455c1c03d064a6a5d0f03f242b

  • SHA256

    4c0305778b4b02327cc84ac03c05c82f6839ea6dcb28c73b0751b4c168601e7c

  • SHA512

    dd16cf7e646bfb424d34de2ba2cb552f0ca987ab7f05e4e5fc02f0121cdcc64516a6f55205d30c8989c01b685cfffe6a5024dd939edcb5f394090fd6440f0ec5

  • SSDEEP

    24576:wyEcwtFE7Dovi0Qy5knZeVw4dCsgjWLbFuap2FXSBmIQHg:3EcSmfoa0QyiZ34csv2FiUV

  Score

  10^/10

  mysticredlinelutyrinfostealerpersistencestealer

  • Detect Mystic stealer payload

  • Mystic

    Mystic is an infostealer written in C++.

    stealermystic

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Adds Run key to start application

    persistence
  behavioral7

• • Target

    56d014c086bdbb8e6727c4aa360408eb457604ca6d788375c3e76d1fc1282a70

  • Size

    1.1MB

  • MD5

    390faea7dece9ed80b3699b6223e8fd5

  • SHA1

    a1e00a7cc23aacddeab3203a987ec37f645b80ac

  • SHA256

    56d014c086bdbb8e6727c4aa360408eb457604ca6d788375c3e76d1fc1282a70

  • SHA512

    c9d4674c9bfcf72a7616cc30c01de867b405ba46f0ff72217920fbb0e243da52a97d7c0f483c23fa96a213addbd1a84bfcd2c5ead960b23668a20a9c5e20f928

  • SSDEEP

    24576:LyjTfPGEMBaeOharfPsvaRxbFFZ47NGqKN3/mJ7a/sv:+jTHGEDeT3T/ZetKZE7a/

  Score

  10^/10

  mysticredlinesmokeloadermagiabackdoorevasioninfostealerpersistencestealertrojan

  • Detect Mystic stealer payload

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • Mystic

    Mystic is an infostealer written in C++.

    stealermystic

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral8

• • Target

    64572328af55ddb39cf319f821a90aece83e1a0289c4066f72b87935030d767c

  • Size

    344KB

  • MD5

    db8538a9cf3b1fe62e0a793c61483ff1

  • SHA1

    951cea0aebc498c1dda30c82d59ff9dc93f14ab6

  • SHA256

    64572328af55ddb39cf319f821a90aece83e1a0289c4066f72b87935030d767c

  • SHA512

    6b82085596e3ef1611bb001330e12969384e4546fb1cdfc3f1d9ed6b956dbd2ceeb1d27199bb35921d21d53f73c20a61ca1b099ca95db85c036c89d21a44e095

  • SSDEEP

    6144:Kiy+bnr+7p0yN90QEMY41qLhsbGkHM5vpRcTzla+a1fCtYNoO6OdBJpfHU86:eMr/y90+YCqqbdwxuE+KCA36OdTpfU86

  Score

  10^/10

  mysticsmokeloaderbackdoorpersistencestealertrojan

  • Detect Mystic stealer payload

  • Mystic

    Mystic is an infostealer written in C++.

    stealermystic

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral9

• • Target

    68546b0231d09cc911cb999b99aac50e0886e7fb2a15f9838196cd1b969eed3b

  • Size

    1.1MB

  • MD5

    d55347ab750fee438e7aeced24d25f2b

  • SHA1

    a838f02f6518e45be77db5ca14054273a85f5664

  • SHA256

    68546b0231d09cc911cb999b99aac50e0886e7fb2a15f9838196cd1b969eed3b

  • SHA512

    3eb9ce1fa001c4692733d8bebf8c2b883a3b3e31f28a1da541d25a9e9ae981d0ba975b98c971dbf83791eb00bca2604573802fccf0150141d7bfc81f9b3754dd

  • SSDEEP

    24576:byQ/4rahpsXfgf3SB8ZDyrrocMnYqySPkeukTSn7M0dwrLhaSt9:Oe4rwWXY6B8ZDSocMnYmhukI0Lzt

  Score

  10^/10

  mysticredlinesmokeloadermagiabackdoorevasioninfostealerpersistencestealertrojan

  • Detect Mystic stealer payload

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • Mystic

    Mystic is an infostealer written in C++.

    stealermystic

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral10

• • Target

    756d67f0f1a9eb3ecd9811aa2645969a0399a6904fc24c012eb08d2a0496b50a

  • Size

    639KB

  • MD5

    dab60560ecb6c3cf5037239d0dbc7c02

  • SHA1

    1a8603946984015a72de8e736717a4aa73a8d0ad

  • SHA256

    756d67f0f1a9eb3ecd9811aa2645969a0399a6904fc24c012eb08d2a0496b50a

  • SHA512

    8c9eb4f718fafabab18045de6ed7f4e66108d7e880be82a24a5f1fad33d899e6f5c6ebba5d71fa4b1dc42435a7caee64bb9b62c175a285530c914811e4a36285

  • SSDEEP

    12288:EMryy90M9CrZaAs/CiYn6yr2bE/M3dHpQEIWAziHb1sO3nIrV6I:mynYZaCnnn2XsWAzi71TXI

  Score

  10^/10

  mysticsmokeloaderbackdoorevasionpersistencestealertrojan

  • Detect Mystic stealer payload

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • Mystic

    Mystic is an infostealer written in C++.

    stealermystic

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral11

• • Target

    88fc008066b2101015f65df21f2a0732a15470f31c4692048176dd67b4d25039

  • Size

    461KB

  • MD5

    aac7e90b8803c6a447e19e66f1a3b790

  • SHA1

    331223d135cf2770fd056f5d4caf177029216ffc

  • SHA256

    88fc008066b2101015f65df21f2a0732a15470f31c4692048176dd67b4d25039

  • SHA512

    3b84b48add6389c1a586613d880efda5a4fccc80074ad332f497c84c87f011e7d8476ae0db750d746ecc8f12238bdcfc36a2d2ad69da62240b0613c3fbb78d37

  • SSDEEP

    12288:76fXWcnwFEbTiWUMcpf9J6lLU8TnOzAP:76fGcnRUMiGlLbnwAP

  Score

  10^/10

  redlinemagiainfostealer

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Suspicious use of SetThreadContext

  behavioral12behavioral13

• • Target

    8ab296834f82cfcc09d242ca9b14991f94e5b8578e693e18cddc6e18583575ad

  • Size

    692KB

  • MD5

    a13fc9ad8cf55c496a185f18bd0a0740

  • SHA1

    629025604464c5dccd662e3187eb32cfda1916ae

  • SHA256

    8ab296834f82cfcc09d242ca9b14991f94e5b8578e693e18cddc6e18583575ad

  • SHA512

    8dff6352b8503fdea23905f5dfe6008bd3354831b64e26d439c1ce5b3391c0f088b91546b69fd59ffc20db9ed1722364ddc26603edb6a2d71e7c58e234252fbd

  • SSDEEP

    12288:QMriy90R1s6OszLz0xY1RmI7wr6MNLKY8iUk2q5N1Uv6ioJAYHyGjBXL7tvC7l:iyb2H0u06CKYTr2q5kv6LAtyft2l

  Score

  10^/10

  mysticredlinesmokeloadertaigabackdoorinfostealerpersistencestealertrojan

  • Detect Mystic stealer payload

  • Mystic

    Mystic is an infostealer written in C++.

    stealermystic

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral14

• • Target

    903d5eea2e039a18d476d0f8eed04db2ebab7584fcc8eda779901b4ecd592eff

  • Size

    1.5MB

  • MD5

    9101fa3af5f9c60b19915c86597f2000

  • SHA1

    d004d84d73db3c22c1fe533cbe1e4058b855734c

  • SHA256

    903d5eea2e039a18d476d0f8eed04db2ebab7584fcc8eda779901b4ecd592eff

  • SHA512

    48b1bb2a62d596236ac4ef009c71d22357ec91ddc4897db1d33594fe9af45c370ab33d781813fc97098bed32f755b9f1fe4050148b9f240c2eea2195adc1f5f8

  • SSDEEP

    24576:zy6yE7XJ7HYEAAK3zyWuiMd37J/XiUySLilJEBJeEDB/cmWvjtBD2fXvRILUn5OD:G6yELpdAAK3zXMlJvhySulJEBJL/cjRZ

  Score

  10^/10

  mysticredlinesmokeloaderbrehabackdoorevasioninfostealerpersistencestealertrojan

  • Detect Mystic stealer payload

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • Mystic

    Mystic is an infostealer written in C++.

    stealermystic

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral15

• • Target

    a667459185406132f726b24ab0a1ee46efda6669c577f3f34cccd16abd51a708

  • Size

    383KB

  • MD5

    23a0b4151c1a82897ec058e7d039880a

  • SHA1

    9427b94e84cc3a069187fcc1b4a1ccb9ae45659f

  • SHA256

    a667459185406132f726b24ab0a1ee46efda6669c577f3f34cccd16abd51a708

  • SHA512

    1ebe687c4c7778523c0a6778e05b9ccce50972eff4a02380d2ba5e087db32a347c217130fa4bc9d6927806036132ab83713cccbfd713d9a8f40815625de7f925

  • SSDEEP

    6144:KPy+bnr+3p0yN90QEH7fzCOpLi4lsqn3F4jdyr6+PLrBtrTW3urz76Xwhl4I:JMrPy90l2Kcu4grzv/rsA76Xi

  Score

  10^/10

  mysticredlinekukishinfostealerpersistencestealer

  • Detect Mystic stealer payload

  • Mystic

    Mystic is an infostealer written in C++.

    stealermystic

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral16

• • Target

    b42e87afb8e78889d83796798a5b481717e3a8e055b712f3be843dc5251b5084

  • Size

    1008KB

  • MD5

    fb6288054eaecd7dc4cd472d0e72508f

  • SHA1

    fea27b04a4c40654643e41648482e35979d3991d

  • SHA256

    b42e87afb8e78889d83796798a5b481717e3a8e055b712f3be843dc5251b5084

  • SHA512

    275ddbe788c686e8a50bcf81c06c8eb257a7a0579cd85f07e83e1db3e0113e01bb108cae35cce8e7c30e197f6e1c1c54954361141a628a7c98ec5fb7a4671b29

  • SSDEEP

    24576:vyxf2P349eEUSNup14VhqLkBczYB7RSzr3dChcE5hQTtX9w:60fmeEUSk/4tBcw9Sz5U/LQTtX

  Score

  10^/10

  mysticredlinekukishinfostealerpersistencestealer

  • Detect Mystic stealer payload

  • Mystic

    Mystic is an infostealer written in C++.

    stealermystic

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral17

• • Target

    cdc820df4bc752f27ec02df80d490eb873cb293ebe295e0d73f95622ef6b0d04

  • Size

    1.1MB

  • MD5

    35f754ed52922b7f8f2d49d13eb22eae

  • SHA1

    ab826e9df217bed63f868374bdfadd3b0e3176c4

  • SHA256

    cdc820df4bc752f27ec02df80d490eb873cb293ebe295e0d73f95622ef6b0d04

  • SHA512

    9254ecf349fd8e898eac81da2a1ea6b18957d3f7b5b28c42520ac1e414b9de2d27722ae0d8ca75b3d248db31340366382687a52eb0ff52b96d1ad96259340819

  • SSDEEP

    24576:RyLCyIGS/uw5LGNNVuK5glD+kGmlzdm0214BjbFQQKQN:E2vG3X0K5gN+kDRmPqBjOj

  Score

  10^/10

  mysticredlinekukishinfostealerpersistencestealer

  • Detect Mystic stealer payload

  • Mystic

    Mystic is an infostealer written in C++.

    stealermystic

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral18

• • Target

    d52db8688155f5960af607ea116cac7310719b971ef7efd19f34585b6431d286

  • Size

    700KB

  • MD5

    7616a400ef3ec175c466cdc6b89df60c

  • SHA1

    c841e98e939ebbaad18742e95040de8b2a3c8d5d

  • SHA256

    d52db8688155f5960af607ea116cac7310719b971ef7efd19f34585b6431d286

  • SHA512

    edd64b34791eff94d5a07e75cadee88652a61008ad2ee58240f840a4c4565c0d757feaf184174b4152dac363e19ea8a890510620df060e087f0ca09957935c60

  • SSDEEP

    12288:cMr0y90yca7+SIoLrNSRZpdN2STpXvkv3fiDY0QU4ns4kyHW1JbG2Ei4jfqz:Yysm+SVlCZJTpXvkvvGYLUWvkyqJbG2N

  Score

  10^/10

  evasionpersistencetrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • Executes dropped EXE

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence
  behavioral19

• • Target

    e17fa1b4c1940b188c7cdca6098ad239644d59ae3ac75405c11faf08a0699c2e

  • Size

    819KB

  • MD5

    cdb92ed4f80ad1af3433a407fa466fa1

  • SHA1

    175e95f65a3419b18ec55532268662d26b4e72eb

  • SHA256

    e17fa1b4c1940b188c7cdca6098ad239644d59ae3ac75405c11faf08a0699c2e

  • SHA512

    00b10eabe8780be719a647988cad690bc5796b7d57f20964849753a6da230a6ae63c655bb1f4da288caa54f540110d3dbedcbf360c2b7a31d3880930c200d2ec

  • SSDEEP

    24576:syGB/OVfuMjv3yMFmTrIti5gqZKN4jYI:b6OVD9oTe2gqQNiY

  Score

  10^/10

  mysticredlinekukishinfostealerpersistencestealer

  • Detect Mystic stealer payload

  • Mystic

    Mystic is an infostealer written in C++.

    stealermystic

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral20

• • Target

    f068aa20f8123496a540be006d669b95cd194e7c2d6d86bc3c0a956326dd01e6

  • Size

    430KB

  • MD5

    5ed54fab6ce1de1e72501e6fae01db74

  • SHA1

    f712966b1719849d88f274f671486bcea70ee99b

  • SHA256

    f068aa20f8123496a540be006d669b95cd194e7c2d6d86bc3c0a956326dd01e6

  • SHA512

    b48d3e439503c9f596651e84a0affe0df9c0ccb963c745eb5aa5bd0ea4a5d45b9ea77cbf44f229665682c8b8d5c296257194943cb508c422d5b807b6c3c601c7

  • SSDEEP

    12288:ZMrKy90/Lq//N2J5lrk8qnTvKHOtKE3VU:XyaM/N2J5lMnTSwKEFU

  Score

  7^/10

  persistence

  • Executes dropped EXE

  • Adds Run key to start application

    persistence
  behavioral21

• • Target

    f3bbfb34efdda08027f33e680ee6274325d4986f57ea83d34517fef7abd65b1c

  • Size

    843KB

  • MD5

    46a6de119fb7256f7b36b70546344387

  • SHA1

    804612a43e20322bf716a5216acb850eaad6e4a9

  • SHA256

    f3bbfb34efdda08027f33e680ee6274325d4986f57ea83d34517fef7abd65b1c

  • SHA512

    73c0537f973210d5a5e882ed55fb19a9af7cc0dc7af39bcb217d6fbc6a8f6cffc542d50c34b9a88a74846147d414a511d9ef3f4330cc819f140e2fa6f4be38d9

  • SSDEEP

    24576:oyivJjEUyx3voeZA+GMGA9NSm/b7XAh5vE0f:v9tx3vtAnMdNas0

  Score

  10^/10

  mysticredlinekukishinfostealerpersistencestealer

  • Detect Mystic stealer payload

  • Mystic

    Mystic is an infostealer written in C++.

    stealermystic

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral22