Extracted

Extracted

• • Target

    NEAS.c63b05000ef49df5d1c8c9d20398b0f12272a9b2442815ef2944f8a30738d1e7.exe

  • Size

    1.4MB

  • MD5

    104805ea3bee18a5bab343df31c9bbf3

  • SHA1

    2f72e4b8062b208f8822bd88ca03de4aa7e54f6d

  • SHA256

    c63b05000ef49df5d1c8c9d20398b0f12272a9b2442815ef2944f8a30738d1e7

  • SHA512

    4d74c6f2bc7ffe2be6be66e932a335f0d848e9bf275fcb11131962287c3a11712f26173d418ca4b8c04a33514f1a198d13ccd10b2385b33bc29968c57d1b8988

  • SSDEEP

    24576:Dypjwxk9qG3KXoBDmqhJu0OMerIs8cHGJQzDJsN4K5ODBfvp7hTxv6mugrvxc11n:Wpjwu9qMKXoBDmMZek3WGaFsN4l1vp7a

  Score

  10^/10

  mysticredlinesmokeloaderzgrattaigabackdoorpaypalevasioninfostealerpersistencephishingratspywarestealerthemidatrojanupx

  • Detect Mystic stealer payload

  • Detect ZGRat V1

  • Mystic

    Mystic is an infostealer written in C++.

    stealermystic

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader

  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat

  • Downloads MZ/PE file

  • Stops running service(s)

    evasion

  • Executes dropped EXE

  • Themida packer

    Detects Themida, an advanced Windows software protection system.

    themida

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • AutoIT Executable

    AutoIT scripts compiled to PE executables.

  • Detected potential entity reuse from brand paypal.

    phishingpaypal

  • Suspicious use of SetThreadContext

  behavioral1