Overview

overview

10

Static

static

3

NEAS.1ef26...c0.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    NEAS.1ef26c082ca2cded74c12218aec735c0.exe

  • Size

    658KB

  • Sample

    231117-12vneaeg69

  • MD5

    1ef26c082ca2cded74c12218aec735c0

  • SHA1

    9d332f2768c09174b146895f3517acb72beba8a2

  • SHA256

    035553eab269d47d7c7a6e723b4faac9798f1d7adc058918346b37d094743567

  • SHA512

    6772ea832c273c3aaa8dddbc36a0a2c850ccbe9f70e7d811efaca165a71d140c8c0eefb29f2996d325d4d9162f2cd9d1b030356b0e19b7e8b9d739c522f843d8

  • SSDEEP

    12288:uMrey90d0NA0H7Gae/4IC50pCCHGN0PLvYMXiYQbDL69Q6D6XyRqrNV:UyiiaaewIsgCQGIgYDPmy4RV

Score
10/10
mysticpaypalpersistencephishingstealer

Malware Config

Targets

    • Target

      NEAS.1ef26c082ca2cded74c12218aec735c0.exe

    • Size

      658KB

    • MD5

      1ef26c082ca2cded74c12218aec735c0

    • SHA1

      9d332f2768c09174b146895f3517acb72beba8a2

    • SHA256

      035553eab269d47d7c7a6e723b4faac9798f1d7adc058918346b37d094743567

    • SHA512

      6772ea832c273c3aaa8dddbc36a0a2c850ccbe9f70e7d811efaca165a71d140c8c0eefb29f2996d325d4d9162f2cd9d1b030356b0e19b7e8b9d739c522f843d8

    • SSDEEP

      12288:uMrey90d0NA0H7Gae/4IC50pCCHGN0PLvYMXiYQbDL69Q6D6XyRqrNV:UyiiaaewIsgCQGIgYDPmy4RV

    Score
    10/10
    mysticpaypalpersistencephishingstealer

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

      stealermystic

    • Executes dropped EXE

    • Adds Run key to start application

      persistence

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Detected potential entity reuse from brand paypal.

      phishingpaypal

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks