Overview

overview

10

Static

static

3

811f66fa14...30.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    811f66fa14f932f74f348ec0471cf030.bin

  • Size

    217KB

  • Sample

    240602-b8r4esfd47

  • MD5

    811f66fa14f932f74f348ec0471cf030

  • SHA1

    45e99adf9a858d66bc4f9711664f554c7645e965

  • SHA256

    31a0f98c37f0acc09888796e5a3829ee1478723d2005a67d531c13c9d419937a

  • SHA512

    064808e14a1ed0878b8fca3002f458716b32c45706d128e6f3c5af78b299341b0b8ceded00a5be91d40af977adb08d648d03a8f8c540bc64ec3e447e371f76fd

  • SSDEEP

    6144:KSy+bnr+Op0yN90QEzsUl1Xs93Le+Ixlh7:uMryy90ZsUc93LylB

Score
10/10
healermysticdropperevasionpersistencestealertrojan

Malware Config

Targets

    • Target

      811f66fa14f932f74f348ec0471cf030.bin

    • Size

      217KB

    • MD5

      811f66fa14f932f74f348ec0471cf030

    • SHA1

      45e99adf9a858d66bc4f9711664f554c7645e965

    • SHA256

      31a0f98c37f0acc09888796e5a3829ee1478723d2005a67d531c13c9d419937a

    • SHA512

      064808e14a1ed0878b8fca3002f458716b32c45706d128e6f3c5af78b299341b0b8ceded00a5be91d40af977adb08d648d03a8f8c540bc64ec3e447e371f76fd

    • SSDEEP

      6144:KSy+bnr+Op0yN90QEzsUl1Xs93Le+Ixlh7:uMryy90ZsUc93LylB

    Score
    10/10
    healermysticdropperevasionpersistencestealertrojan

    • Detect Mystic stealer payload

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer an antivirus disabler dropper.

      dropperhealer

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • Mystic

      Mystic is an infostealer written in C++.

      stealermystic

    • Executes dropped EXE

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks