Overview

overview

10

Static

static

3

NEAS.4fde3...50.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    NEAS.4fde30391186041fa4395f14e6de2f50.exe

  • Size

    674KB

  • Sample

    231116-mtwc3sbh2y

  • MD5

    4fde30391186041fa4395f14e6de2f50

  • SHA1

    4a17a3e8987c07787bac9abc9a7755b11c5e7fef

  • SHA256

    92b354efb461488e746c52aba06fbd77aad6b22084e0516b415579f28baa7899

  • SHA512

    4fd66e9fbc7dc68d153de52b7835fe3563d8ed360790c2d7b0c4f20b03c3b8f7770598ce5bc3c126843472ce3fa5c301b0cbfc4c50eac6be46e639b276fe3c26

  • SSDEEP

    12288:4MrXy90F0NA0H7Gae/4IC50pCCHGN0PLvYMXiYQbDL6YSBBhg7k+LzgwqJuVCGFf:/ykiaaewIsgCQGIgYD3O7HYwqMjFf

Score
10/10
mysticpaypalpersistencephishingstealer

Malware Config

Targets

    • Target

      NEAS.4fde30391186041fa4395f14e6de2f50.exe

    • Size

      674KB

    • MD5

      4fde30391186041fa4395f14e6de2f50

    • SHA1

      4a17a3e8987c07787bac9abc9a7755b11c5e7fef

    • SHA256

      92b354efb461488e746c52aba06fbd77aad6b22084e0516b415579f28baa7899

    • SHA512

      4fd66e9fbc7dc68d153de52b7835fe3563d8ed360790c2d7b0c4f20b03c3b8f7770598ce5bc3c126843472ce3fa5c301b0cbfc4c50eac6be46e639b276fe3c26

    • SSDEEP

      12288:4MrXy90F0NA0H7Gae/4IC50pCCHGN0PLvYMXiYQbDL6YSBBhg7k+LzgwqJuVCGFf:/ykiaaewIsgCQGIgYD3O7HYwqMjFf

    Score
    10/10
    mysticpaypalpersistencephishingstealer

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

      stealermystic

    • Executes dropped EXE

    • Adds Run key to start application

      persistence

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Detected potential entity reuse from brand paypal.

      phishingpaypal

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks