Extracted

Extracted

• • Target

    137a2be9efbaf6252e44947cad2170bfacc88494551ccbac34536013aea88d88.exe

  • Size

    1.4MB

  • MD5

    03705afeca5a83de17acf45350fa55fc

  • SHA1

    37f7af0d2c7a0797022249c414905bc179c7b541

  • SHA256

    137a2be9efbaf6252e44947cad2170bfacc88494551ccbac34536013aea88d88

  • SHA512

    5265205eeb3f3d13946815add67b4c057d56f0c9d77bb525ebd356cd1390ca7a07462023afd9e3b0999e2da51b916d7d77533af8fd21337ab5c6d4bbbdb55c21

  • SSDEEP

    24576:/ypqPXYEpdliZ/txMjmetIsfrSG2FzDtG/o0DSeq9O9XIwLljKenv63xOmPA:KUYEp3CIqee0WGapGZS/9s4+lj/uZ

  Score

  10^/10

  mysticredlinesmokeloaderzgrattaigabackdoorevasioninfostealerpersistenceratspywarestealerthemidatrojanupx

  • Detect Mystic stealer payload

  • Detect ZGRat V1

  • Mystic

    Mystic is an infostealer written in C++.

    stealermystic

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader

  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat

  • Downloads MZ/PE file

  • Modifies Windows Firewall

    evasion

  • Stops running service(s)

    evasion

  • Executes dropped EXE

  • Themida packer

    Detects Themida, an advanced Windows software protection system.

    themida

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Legitimate hosting services abused for malware hosting/C2

  • AutoIT Executable

    AutoIT scripts compiled to PE executables.

  • Suspicious use of SetThreadContext

  behavioral1