d12706fdc21cc2efacf766d6df5b5f6bf0010d066bb0b87df926fe00f73bd502

General

Target

Mystic_Executor-2.rar
Size

62.2MB
Sample

240612-y4drkasenr
MD5

ea2f736bd3ab3e27ae9a5b9736a11b70
SHA1

d87bd201d5cdf06f6ecf7f2b804a406cf45549f8
SHA256

d12706fdc21cc2efacf766d6df5b5f6bf0010d066bb0b87df926fe00f73bd502
SHA512

f55dc5d794924570e7e16d638eb3cf6135d90a86f3dcc92b7689bb97ce62cb5885f7133ba04b15b8d6cb6f8f8130e8d6142cd55fbc2858049e88f137d8764e7b
SSDEEP

1572864:DFDkD15GxeZ2PWRCbBYg3nyXkui90r3q/Gw3OOFbuj:pDkyvPWpeijU0bq4lj

Score

10^/10

Malware Config

Targets

- Target
  
  BinLaden Mystic Executor.exe
- Size
  
  345KB
- MD5
  
  e13895a713b8ee1b5db9eee4f4bcd05a
- SHA1
  
  26613237d200f8b8c1d96929f0f6888e71254e03
- SHA256
  
  892bec756585b5e5a5b2a7747d5b7959d9c7f758a641515d06e27539d43533f3
- SHA512
  
  e5c8498709db79cadc75c5ca40577036dd7dac3665bcaa8feaf51ac3601e3b200d469b4ce68da493dfd8ed7c2207f156830ba947961f9656cff4912b75b1af3f
- SSDEEP
  
  6144:uoEcTM2ChCCPCCOCChCuCCa+CCCCCFUCrCCSCyrCCAj8JLM2ChCCPCCOCChCuCCV:uoEcTMH+JLMH+J
Score

1^/10
behavioral1
- Target
  
  functionHook.exe
- Size
  
  62.1MB
- MD5
  
  5cc81400ac36bdea6ca9e7fe3032358d
- SHA1
  
  e4ee9e7e65ea3ee445e8665d54b00474806118d8
- SHA256
  
  9dd548c2888ff143ad1e4552fb9c6b3183207b7e17ab81986c17b74751e40335
- SHA512
  
  865bf1aa8dbd1ea47dd86928a1a57a0ed318ed0de2daf15f88e68d91767db8edd6049449454010ba8719fa5051e8484490e64993decce4c5d74e1d6dc446622f
- SSDEEP
  
  1572864:XymQEeMAhRnOPrONJ0ul4zdxE77PRQvqRWUBjdnaO:XymgMAhBOyculC62qRdlda
Score

10^/10

evasion execution persistence spyware stealer upx
- Modifies security service
  evasion
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Disables RegEdit via registry modification
  evasion
- Disables Task Manager via registry modification
  evasion
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
behavioral2