General
- Target: cY2Ka57.exe
- Size: 658KB
- Sample: 231113-lmq94sbh6s
- MD5: 97fc6b8e2c2062669ad23bd1970690de
- SHA1: f82faeb7e8f06ab8f1e3e7b5dae73c04dd63c6b3
- SHA256: b0abfd9d5a6c8ea85f947f173698cafb3587631f05c595ae7837c45fb6d5cb51
- SHA512: 1e2043b786fe846e1b71f5f53b781dad3ab30ee1e2b5ed2742bdcc8e1c796b5abbc8a38b9b6393151bc76c8f4e7e1a67dc7dfc25f6c56decd4cda6c1aa8d610d
- SSDEEP: 12288:mMrSy90O0NA0H7Gae/4IC50pCCHGN0PLvYMXiYQbDL6tAWS9KcqOc+:4yHiaaewIsgCQGIgYDn/SB8+
Static task: static1
Behavioral task: behavioral1
- Sample: cY2Ka57.exe
- Resource: win7-20231023-en
Malware Config
Targets
- Target: cY2Ka57.exe
- Size: 658KB
- Detect Mystic stealer payload
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- AutoIT Executable: AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext