Extracted

Extracted

Extracted

Extracted

• • Target

    2a18f4184897d97d571bae0e6f246e458b7773e32effe335b08beb717e641ce0.exe

  • Size

    1.0MB

  • MD5

    7de2b4b0ffc4d0cd1e794ae46221ba77

  • SHA1

    bce24476aad069b38a7ed982be64de9096b25eec

  • SHA256

    2a18f4184897d97d571bae0e6f246e458b7773e32effe335b08beb717e641ce0

  • SHA512

    84fc6c1a628d655471dce59754e63e4d855b0bb64540ef4407eb415ddc88435ab232af7f2a80e9c2920b211c6953cbfc5b613ca85465c4c56bfcd773b0d4185c

  • SSDEEP

    24576:OyVNy4JP5hHQWReaeoIsdCxGDNTDrQamyNZC+e5nXAWg7:dT9JP5ZhBe/YEG1X++eVAWg

  Score

  10^/10

  gluptebamysticredlinesmokeloaderstealczgrattaigaup3backdoordropperevasioninfostealerloaderpersistenceratstealertrojan

  • Detect Mystic stealer payload

  • Detect ZGRat V1

  • Glupteba

    Glupteba is a modular loader written in Golang with various components.

    loaderdropperglupteba

  • Glupteba payload

  • Mystic

    Mystic is an infostealer written in C++.

    stealermystic

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat

  • Modifies Windows Firewall

    evasion

  • Stops running service(s)

    evasion

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Legitimate hosting services abused for malware hosting/C2

  • AutoIT Executable

    AutoIT scripts compiled to PE executables.

  behavioral1