Extracted

Extracted

Extracted

• • Target

    f0acf7445b70725743b0414fa91397bf2c62fd398fdd34cdb31e701747a9b3f9

  • Size

    1.4MB

  • MD5

    65e63ebe0b342088e22878168314b5cb

  • SHA1

    498802fddde49704c8692bcc1387e8c74e7c2b3d

  • SHA256

    f0acf7445b70725743b0414fa91397bf2c62fd398fdd34cdb31e701747a9b3f9

  • SHA512

    95e04300901ee5b0d9f70cb9912e0c39f9d9875a4c18f7545b60435a0746d39c9467886bdd595af561c387af7129a649beec068584bd963ba33e10942fa4d64e

  • SSDEEP

    24576:8yi0XE0dqyBks3fyxoX+fsenIsfs7G22dDVmZ7FOdf8jdxkshdp8E6rVv39hNDu5:ri000Tbfy1keIYCGnC86d3X6rN3R0

  Score

  10^/10

  gluptebamysticredlinesmokeloaderzgrattaigaup3backdoorgoogledropperevasioninfostealerloaderpersistencephishingratstealertrojanupx

  • Detect Mystic stealer payload

  • Detect ZGRat V1

  • Detected google phishing page

    phishinggoogle

  • Glupteba

    Glupteba is a modular loader written in Golang with various components.

    loaderdropperglupteba

  • Glupteba payload

  • Mystic

    Mystic is an infostealer written in C++.

    stealermystic

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader

  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat

  • Downloads MZ/PE file

  • Stops running service(s)

    evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Adds Run key to start application

    persistence

  • Legitimate hosting services abused for malware hosting/C2

  • AutoIT Executable

    AutoIT scripts compiled to PE executables.

  behavioral1