Overview

overview

10

Static

static

3

NEAS.531c4...b0.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    NEAS.531c40476c986618c0cfbf89781b5cb0.exe

  • Size

    656KB

  • Sample

    231116-llpd5aba4w

  • MD5

    531c40476c986618c0cfbf89781b5cb0

  • SHA1

    5bce01285d7622be7f733a44d4d17553d0b60239

  • SHA256

    1ec7f741d88adec1b6c76f7aecc0478a35b80faf5f0e422f72daff71404fd334

  • SHA512

    8c9fe24b075c8fcce4710d26fa19dc9d2f9dc6dddc1cbef7da2e8339e7175b8aef4fe821f62c228dc1f5ffa9de73d62cc12b605b9e0021611235bea47a94b624

  • SSDEEP

    12288:aMrBy90S0NA0H7Gae/4IC50pCCHGN0PLvYMXiYQbDL6+Kw8Dy//Atsp5IE3:LyViaaewIsgCQGIgYDYKje/cnE3

Score
10/10
mysticpaypalpersistencephishingstealer

Malware Config

Targets

    • Target

      NEAS.531c40476c986618c0cfbf89781b5cb0.exe

    • Size

      656KB

    • MD5

      531c40476c986618c0cfbf89781b5cb0

    • SHA1

      5bce01285d7622be7f733a44d4d17553d0b60239

    • SHA256

      1ec7f741d88adec1b6c76f7aecc0478a35b80faf5f0e422f72daff71404fd334

    • SHA512

      8c9fe24b075c8fcce4710d26fa19dc9d2f9dc6dddc1cbef7da2e8339e7175b8aef4fe821f62c228dc1f5ffa9de73d62cc12b605b9e0021611235bea47a94b624

    • SSDEEP

      12288:aMrBy90S0NA0H7Gae/4IC50pCCHGN0PLvYMXiYQbDL6+Kw8Dy//Atsp5IE3:LyViaaewIsgCQGIgYDYKje/cnE3

    Score
    10/10
    mysticpaypalpersistencephishingstealer

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

      stealermystic

    • Executes dropped EXE

    • Adds Run key to start application

      persistence

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Detected potential entity reuse from brand paypal.

      phishingpaypal

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks