Overview

overview

10

Static

static

3

NEAS.8d286...d0.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    NEAS.8d286587b83808d643d43b73ebdeefd0.exe

  • Size

    656KB

  • Sample

    231117-2m7j4agc51

  • MD5

    8d286587b83808d643d43b73ebdeefd0

  • SHA1

    19b76fdfc65193ddb89aac919e421c026311f7dd

  • SHA256

    31ac840487cae4ce27a5d9547aaa38f82b95aa89ecebd548fe691ba57ede0f2c

  • SHA512

    bf610f0a6a77ac93926f6df59d49a9e9293deade7b531b2e4c60157e06a4c7bcbc0c8a32ad6ce0f07ecc190525025dc34f755477b92d6fa44300d8bc87600bb2

  • SSDEEP

    12288:RMrmy9020NA0H7Gae/4IC50pCCHGN0PLvYMXiYQbDL6Qjf5n2g:Hy7iaaewIsgCQGIgYDONnj

Score
10/10
mysticpersistencestealer

Malware Config

Targets

    • Target

      NEAS.8d286587b83808d643d43b73ebdeefd0.exe

    • Size

      656KB

    • MD5

      8d286587b83808d643d43b73ebdeefd0

    • SHA1

      19b76fdfc65193ddb89aac919e421c026311f7dd

    • SHA256

      31ac840487cae4ce27a5d9547aaa38f82b95aa89ecebd548fe691ba57ede0f2c

    • SHA512

      bf610f0a6a77ac93926f6df59d49a9e9293deade7b531b2e4c60157e06a4c7bcbc0c8a32ad6ce0f07ecc190525025dc34f755477b92d6fa44300d8bc87600bb2

    • SSDEEP

      12288:RMrmy9020NA0H7Gae/4IC50pCCHGN0PLvYMXiYQbDL6Qjf5n2g:Hy7iaaewIsgCQGIgYDONnj

    Score
    10/10
    mysticpersistencestealer

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

      stealermystic

    • Executes dropped EXE

    • Adds Run key to start application

      persistence

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks