General

  • Target

    0d3a1f37d96052882a2cc2a8bd97e2b7ff3a244b120c62d03175ef09df7f9660N

  • Size

    336KB

  • Sample

    241110-shq7wasmcn

  • MD5

    e973033afc5ac7c33b4a076a1d6e4170

  • SHA1

    bd09f28d273a8829dbe634a05bf5ccb9d0afe8ff

  • SHA256

    0d3a1f37d96052882a2cc2a8bd97e2b7ff3a244b120c62d03175ef09df7f9660

  • SHA512

    4037e6292e0d069eaf8bdc4904f3323593b45a13aa59dc2bd2a10ee58fd1b223f34d28a13347f2158754a63901da81a1bba751faf8ee54eb87fded19c9e90fe1

  • SSDEEP

    6144:Khy+bnr+Cp0yN90QEZufdeKN6Dafd7WW3jckHGqk5UzYLTsuunjfhRsHaYy:rMryy90vwIs6dWzckHG1UqouWAHaB

Malware Config

Targets

    • Detect Mystic stealer payload

    • Detects Healer an antivirus disabler dropper

    • Healer

      Healer is an antivirus-disabler dropper.

    • Healer family

    • Modifies Windows Defender Real-time Protection settings

    • Mystic

      Mystic is an infostealer written in C++.

    • Mystic family

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks