Extracted

Extracted

• • Target

    NEAS.4774d686f9800df2d1e74d71b0f627a0.exe

  • Size

    692KB

  • MD5

    4774d686f9800df2d1e74d71b0f627a0

  • SHA1

    0151930b8a6cd3d4566c77d2575bb0967e385625

  • SHA256

    a27f78bc391c03ebfd8090575eeedf89b59b88ac92517eb4686d7bfcf458d673

  • SHA512

    5209a28f5dbd251e5c4804e838ffe975891f860f061c45e01e43275eb9c7fca4137557a1b8cfdb80837edb05bfee964af8b8adcbef8d0541385b146c1edb65a4

  • SSDEEP

    12288:VMr8y90OnvQf68z5Ti+uYDRtQM6vY8UUS2w8h60ZDVbl0MOMsYTlLiN:lyJnv8rPcvYxT2w8PDVblL1PTlK

  Score

  10^/10

  mysticredlinesmokeloaderzgrattaigabackdoordiscoveryevasioninfostealerpersistenceratspywarestealerthemidatrojanupx

  • Detect Mystic stealer payload

  • Detect ZGRat V1

  • Mystic

    Mystic is an infostealer written in C++.

    stealermystic

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader

  • UAC bypass

    evasiontrojan

  • Windows security bypass

    evasiontrojan

  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat

  • Downloads MZ/PE file

  • Stops running service(s)

    evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Themida packer

    Detects Themida, an advanced Windows software protection system.

    themida

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Checks whether UAC is enabled

    evasiontrojan

  • Legitimate hosting services abused for malware hosting/C2

  • Suspicious use of SetThreadContext

  behavioral1