Extracted

Extracted

Extracted

Extracted

• • Target

    26697ca6a89c20cbc034cf52f18535c64e354d83b9686b519b6b5c54517313e8

  • Size

    1.4MB

  • MD5

    17a2c0150e6e483df2a2b93df792aaa5

  • SHA1

    d55bdcaf26aeab2bc84782476aac126b92bfe62c

  • SHA256

    26697ca6a89c20cbc034cf52f18535c64e354d83b9686b519b6b5c54517313e8

  • SHA512

    3f1ea559a3971b5acd3006d8a4b2417d48f9d4fca9a541eb66a0ca2327f7389038499cc4115d313e977187900e4013cbac2d84dfd382f3b182eb3fdeddaf6269

  • SSDEEP

    24576:DyLRy7LSIPMW0weTeaIs1W1GSYYDntp/K9fMoPQ/Qxlv6nCNjFQouJnP:WLCL/PM4Ueh6MG8ztN2fMOQYxlCnCdy5

  Score

  10^/10

  gluptebamysticredlinesectopratsmokeloaderzgratpixelnew2.0taigaup3backdoorgoogledropperevasioninfostealerloaderpersistencephishingratstealertrojan

  • Detect Mystic stealer payload

  • Detect ZGRat V1

  • Detected google phishing page

    phishinggoogle

  • Glupteba

    Glupteba is a modular loader written in Golang with various components.

    loaderdropperglupteba

  • Glupteba payload

  • Mystic

    Mystic is an infostealer written in C++.

    stealermystic

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • SectopRAT

    SectopRAT is a remote access trojan first seen in November 2019.

    trojanratsectoprat

  • SectopRAT payload

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader

  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat

  • Downloads MZ/PE file

  • Modifies Windows Firewall

    evasion

  • Stops running service(s)

    evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • AutoIT Executable

    AutoIT scripts compiled to PE executables.

  • Suspicious use of SetThreadContext

  behavioral1