General
-
Target
to3Rz90.exe
-
Size
658KB
-
Sample
231113-lpzn9sbh71
-
MD5
dd93ecb2105d0cd428aba45ecc3e64d3
-
SHA1
2c25278b0291c03a0ee0ead072a866fe38c0e5aa
-
SHA256
8ca643d9b79b8b95979e7a9731930569fc8dcbe61fe18b6654366404754f2472
-
SHA512
05859a47573ff2c2b9b649843c1fa2c8cad9f08f1e9ba0f9c0e171dee6e62610a85c89b361ad51c8e6d57035409975268c710c99f0cadde2f633ef824fb51a37
-
SSDEEP
12288:RMrzy90J0NA0H7Gae/4IC50pCCHGN0PLvYMXiYQbDL6pYCkHaEl:myCiaaewIsgCQGIgYDflkHas
Malware Config
Targets
-
-
Target
to3Rz90.exe
-
Size
658KB
-
MD5
dd93ecb2105d0cd428aba45ecc3e64d3
-
SHA1
2c25278b0291c03a0ee0ead072a866fe38c0e5aa
-
SHA256
8ca643d9b79b8b95979e7a9731930569fc8dcbe61fe18b6654366404754f2472
-
SHA512
05859a47573ff2c2b9b649843c1fa2c8cad9f08f1e9ba0f9c0e171dee6e62610a85c89b361ad51c8e6d57035409975268c710c99f0cadde2f633ef824fb51a37
-
SSDEEP
12288:RMrzy90J0NA0H7Gae/4IC50pCCHGN0PLvYMXiYQbDL6pYCkHaEl:myCiaaewIsgCQGIgYDflkHas
Score10/10-
Detect Mystic stealer payload
-
Detected google phishing page
-
Mystic
Mystic is an infostealer written in C++.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
AutoIT Executable
AutoIT scripts compiled to PE executables.
-
Detected potential entity reuse from brand paypal.
-
Suspicious use of SetThreadContext
-