Extracted

• • Target

    NEAS.9301cb162262c21467e409e34c083b10.exe

  • Size

    890KB

  • MD5

    9301cb162262c21467e409e34c083b10

  • SHA1

    abcf1b431853b7115ae6091b591d5de7a93677ec

  • SHA256

    2e1d54b8f901ca82b03038d7e5dd540ac9291ee4e641f4de787e628b930134c1

  • SHA512

    8e891e9a6ad6b6375e46beb88ee82fbb681d5ef1299d52c2e0e88f22e53dfe25a4381560a51af169a327b80e56a7c7c7c6fb87efb31bb871ec6781d1f08318c3

  • SSDEEP

    12288:bMrTy90OZT83eCKnvhpcxMrAevRsXeWIoJOLS6R8QxixFIFW76pSin5G/4ej:MyNZNCupcxMrAanWO+6KQA6n5Ah

  Score

  10^/10

  healerdropperevasionpersistencetrojanmysticredlinegruhainfostealerstealer

  • Detect Mystic stealer payload

  • Detects Healer an antivirus disabler dropper

  • Healer

    Healer an antivirus disabler dropper.

    dropperhealer

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • Mystic

    Mystic is an infostealer written in C++.

    stealermystic

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2