Overview

overview

10

Static

static

3

NEAS.4a2fd...70.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    NEAS.4a2fdfd20ce3cfeb5ca72b44d36f1b70.exe

  • Size

    674KB

  • Sample

    231117-evjfxaeg83

  • MD5

    4a2fdfd20ce3cfeb5ca72b44d36f1b70

  • SHA1

    31b1839437fb1790d8229b894c6a17361a75693c

  • SHA256

    66141c174459efc918da5a873fbba05b04479438ca923cb95fa58db5654da003

  • SHA512

    f7ea629d200ac3a3432662d444ff1c60cbcda6bedae1d67595df152c8f78528823d2087a94184a87d0782ee1446546d7b17ba7e42da8dc4a4cef7bad9f09c26f

  • SSDEEP

    12288:2MrKy90v0NA0H7Gae/4IC50pCCHGN0PLvYMXiYQbDL6USBMxlGXZM3Nrk2k0Y:YyqiaaewIsgCQGIgYDrOlGXZX0Y

Score
10/10
mysticpaypalpersistencephishingstealer

Malware Config

Targets

    • Target

      NEAS.4a2fdfd20ce3cfeb5ca72b44d36f1b70.exe

    • Size

      674KB

    • MD5

      4a2fdfd20ce3cfeb5ca72b44d36f1b70

    • SHA1

      31b1839437fb1790d8229b894c6a17361a75693c

    • SHA256

      66141c174459efc918da5a873fbba05b04479438ca923cb95fa58db5654da003

    • SHA512

      f7ea629d200ac3a3432662d444ff1c60cbcda6bedae1d67595df152c8f78528823d2087a94184a87d0782ee1446546d7b17ba7e42da8dc4a4cef7bad9f09c26f

    • SSDEEP

      12288:2MrKy90v0NA0H7Gae/4IC50pCCHGN0PLvYMXiYQbDL6USBMxlGXZM3Nrk2k0Y:YyqiaaewIsgCQGIgYDrOlGXZX0Y

    Score
    10/10
    mysticpaypalpersistencephishingstealer

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

      stealermystic

    • Executes dropped EXE

    • Adds Run key to start application

      persistence

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Detected potential entity reuse from brand paypal.

      phishingpaypal

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks