Extracted

• • Target

    72df64e43614e170b58e5962ac2ae8e892ab472ad93eb1974e687245b59804b6

  • Size

    1.3MB

  • MD5

    716dee739a1ca6d3fbe97ca1453e4fd3

  • SHA1

    bcd1490bf52296f5e41eba2038d97b93722b1568

  • SHA256

    72df64e43614e170b58e5962ac2ae8e892ab472ad93eb1974e687245b59804b6

  • SHA512

    24aeb94afa0a04bc3d7c622ea242ae71a64baba14eadc2f5be48d109d52989713cefed6625050a90dbc323b9f692a6fef342291aaaa65a1017ae5c412301ae56

  • SSDEEP

    24576:FymFdtmpnRMDYvZGWafUEo6TDyTh4i5H9/BVwQCwiDG5D2UFOZ+70IqHk:gmFdtCRL9gUz6aV5H9/kQC05tdPa

  Score

  10^/10

  healermysticredlinesmokeloadertrushbackdoordiscoverydropperevasioninfostealerpersistencestealertrojan

  • Detect Mystic stealer payload

  • Detects Healer an antivirus disabler dropper

  • Healer

    Healer an antivirus disabler dropper.

    dropperhealer

  • Healer family

    healer

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • Mystic

    Mystic is an infostealer written in C++.

    stealermystic

  • Mystic family

    mystic

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Redline family

    redline

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader

  • Smokeloader family

    smokeloader

  • Executes dropped EXE

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1