Extracted

Extracted

Extracted

• • Target

    34bff4013969aea6d2d77ac24d063ec347172f6fde9920ef9270002b97555b16

  • Size

    1.4MB

  • MD5

    6841c454ccca5e8b994402308c53b72f

  • SHA1

    9ecf049f82a82477b2e09f40e57cb9e088b3a669

  • SHA256

    34bff4013969aea6d2d77ac24d063ec347172f6fde9920ef9270002b97555b16

  • SHA512

    3e452081affa3a7b0a5bc50e54ea4015d83a41ac7696b78fb8880fda2c68e68eb8b9814e9119dccb73d9fd375f9a2e39aed5e91ae9f5b9885b348d859b2ec0a9

  • SSDEEP

    24576:WyomcrJUlCJOhpRK1eGIsVA+G/yrDYQPzxYI/4S+8tO6RS4ioqxSPrjPA+uo:lol1OJke1GjGOnPz6nS+8lYxGPq

  Score

  10^/10

  gluptebamysticredlinesmokeloaderzgrattaigaup3backdoordropperinfostealerloaderpersistenceratstealertrojanupx

  • Detect Mystic stealer payload

  • Detect ZGRat V1

  • Glupteba

    Glupteba is a modular loader written in Golang with various components.

    loaderdropperglupteba

  • Glupteba payload

  • Mystic

    Mystic is an infostealer written in C++.

    stealermystic

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader

  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat

  • Downloads MZ/PE file

  • Executes dropped EXE

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Adds Run key to start application

    persistence

  • Legitimate hosting services abused for malware hosting/C2

  • AutoIT Executable

    AutoIT scripts compiled to PE executables.

  behavioral1