Extracted

• • Target

    NEAS.4263b0d330ce65e7861edfd863576c30_JC.exe

  • Size

    600KB

  • MD5

    4263b0d330ce65e7861edfd863576c30

  • SHA1

    6c6e14f010b7ad9d33aac1530909ce9dd2d9184b

  • SHA256

    3e2152014824a6561c2a48c29926c44d393465b43dc8f86a3e65c00b9252ee5f

  • SHA512

    5b28c2bfec61d8b013cc3531285242e68ebbb827cdb694bd49398b071d6f3b7247113a49860bb133cffd17cbba859802d3a57e1ad21a2fe5008959d7d6a2fbb6

  • SSDEEP

    12288:rMrey90cokvsank6p+oqH+hqpgmFxYXXNWsD0vl0MQC2rMx22E0:Zy/sJ+vmFxYnNr090MQCpxJE0

  Score

  10^/10

  healerdropperevasionpersistencetrojanmysticredlinegruhainfostealerstealer

  • Detect Mystic stealer payload

  • Detects Healer an antivirus disabler dropper

  • Healer

    Healer an antivirus disabler dropper.

    dropperhealer

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • Mystic

    Mystic is an infostealer written in C++.

    stealermystic

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2