Extracted

Extracted

• • Target

    c9ddd3be851043bed9d3ed8a2021023e9068bc4730cf8656014d38291e5aa78e

  • Size

    1.4MB

  • MD5

    0044b7c437a33afdff36d8863e52c917

  • SHA1

    b6bb69836a6ad63eb8b355761dc1da276c1b7ebb

  • SHA256

    c9ddd3be851043bed9d3ed8a2021023e9068bc4730cf8656014d38291e5aa78e

  • SHA512

    ae4a96a08789852595be66fcd93a40e8949f92c4c074073609a4610c5123ce12174f7a95e5f52cd65a939e7e3ddd75f3ee076610d0727ef41ad4df61c0762ebb

  • SSDEEP

    24576:IytVaAF14CcDtDHUeCIs+GlGim1DFAkNbgBxoGYkKb5XnH3DioIuquq5:PtzF14ttoeZvWGzBhwxoGYkKtXnXGoXq

  Score

  10^/10

  mysticredlinesmokeloaderzgrattaigabackdoorinfostealerpersistenceratstealerthemidatrojanupx

  • Detect Mystic stealer payload

  • Detect ZGRat V1

  • Mystic

    Mystic is an infostealer written in C++.

    stealermystic

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader

  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Themida packer

    Detects Themida, an advanced Windows software protection system.

    themida

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Adds Run key to start application

    persistence

  • Legitimate hosting services abused for malware hosting/C2

  • AutoIT Executable

    AutoIT scripts compiled to PE executables.

  • Suspicious use of SetThreadContext

  behavioral1