MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1489a47a4b67219c132250fbf634b1f2860874b14fdf544ce8f4c5764cc83f06. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MysticStealer


Vendor detections: 11


Intelligence 11 IOCs YARA 4 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1489a47a4b67219c132250fbf634b1f2860874b14fdf544ce8f4c5764cc83f06
SHA3-384 hash: 572413ac9d0649f6f2c8d13910e0805913d4b75abdecc91e0bbb3eab58f3aa5f806c10de9e000204bf2f2b18042d6f5b
SHA1 hash: f9f21d0efe7dd38d4913ffda9ebce4442c81e4dc
MD5 hash: 10fdcdde8b4ce6736b72c81616c2e5f7
humanhash: spring-bulldog-seventeen-batman
File name:10fdcdde8b4ce6736b72c81616c2e5f7.exe
Download: download sample
Signature MysticStealer
Create hunting rule
File size:389'120 bytes
First seen:2023-10-18 16:28:05 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 4f0cdfd3e1be2bc790b5aa9061b7d52c (7 x RedLineStealer, 5 x Smoke Loader, 4 x LummaStealer)
ssdeep 6144:qimUJS2f1THNhYBAqkp4V5eAOo3woAt9fmtOsBMFsLGKJuq/5MlLtDy34tDaTi:FDSu1TtseeNntO6MaKrq4L834t2Ti
Threatray 605 similar samples on MalwareBazaar
TLSH T11684BF0030BA9073CDA5C53049E5E6347D2FB86146729DBF9FE507EB4AA0AC0F67A935
TrID 56.8% (.EXE) InstallShield setup (43053/19/16)
13.8% (.EXE) Win64 Executable (generic) (10523/12/4)
8.6% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
6.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
5.9% (.EXE) Win32 Executable (generic) (4505/5/1)
Reporter abuse_ch
Tags:exe MysticStealer

Intelligence

File Origin
# of uploads :
1
# of downloads :
315
Origin country :
NL NL
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Inject4.62947.7588.18162.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Sending a custom TCP request
Gathering data
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
control greyware lolbin
Link:
https://www.filescan.io/uploads/653007d110dbe5fb92cde2ce/reports/eeeffceb-9a23-4ce4-8387-2cdde94fa7c6/overview
Verdict:
Malicious
Labled as:
Lazy.Generic
Link:
https://www.hybrid-analysis.com/sample/1489a47a4b67219c132250fbf634b1f2860874b14fdf544ce8f4c5764cc83f06
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/d4da5965-0b9e-48a9-8585-eceb7786ed2a
Result
Threat name:
Mystic Stealer
Create hunting rule
Detection:
malicious
Classification:
n/a
Score:
76 / 100
Link:
https://www.joesandbox.com/analysis/1328201
Signature
Allocates memory in foreign processes
Antivirus detection for URL or domain
Contains functionality to inject code into remote processes
Injects a PE file into a foreign processes
Machine Learning detection for sample
Writes to foreign memory regions
Yara detected Mystic Stealer
Behaviour
Behavior Graph:
Download SVG
Score:
100%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/1489a47a4b67219c132250fbf634b1f2860874b14fdf544ce8f4c5764cc83f06
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1489a47a4b67219c132250fbf634b1f2860874b14fdf544ce8f4c5764cc83f06/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2023-10-18 18:28:51 UTC
AV detection:
15 of 22 (68.18%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=cse2i6slm4qzyezckd57mnfr6kdaq5frj7pvithi6tcxmtgih4da._file
Verdict:
malicious
Similar samples:
0da998042a1ac6a64e8d39b54a48bf26e8aba748ddf8cf5b6d4bb92d3d2f2031
MysticStealer
3f3f671021a0029d6a83071f9f04ac3990e26ea8b07a42a76f3400b7d2c24198
MysticStealer
6653629a408b7912f22e6a7039884a3319d485b77373cd8716ae295f4b40fddb
MysticStealer
746fa5cc5686ccf10b77ff979e292d993ef637c0499f55c643f3f579aaa1b25d
MysticStealer
7d3f4bb0ca1f25e1a69707c8c350e0aadb00e3a091ec5cd80fc66362fd377e5f
MysticStealer
a1bfe37c9b7ae382a21af70a149b2f70c983f5875ba8b23ec3cf9b9edbe96a3a
MysticStealer
a8db6bf72fb914dd1b8ae8c9d42fb5e1a9a096fcd573d64fc3e48d05a94074ec
MysticStealer
b18169717fa9adab4879ec4040c3e1c0f55f51724385ab61d4a8a739d43e8705
MysticStealer
b66172e4f6915c594d2cb29934b0420a08abe544349b4813f15710a6a01140e5
MysticStealer
f55b9f7a1011222ad2e7803993690520247b549ef8a27e7a3996a958c48fa21e
MysticStealer
+ 595 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/231018-ty8mjahf62/
Behaviour
Suspicious use of WriteProcessMemory
Program crash
Suspicious use of SetThreadContext
Unpacked files
SH256 hash:
5c59db3277aefb761d4b814aaf5f5acd1fd1a0ea154dc565c78b082a3df4566e
MD5 hash:
53e28e07671d832a65fbfe3aa38b6678
SHA1 hash:
6f9ea0ed8109030511c2c09c848f66bd0d16d1e1
Link:
https://www.unpac.me/results/795e98ff-344f-4955-a4f7-5d9c6013d45d/
SH256 hash:
1489a47a4b67219c132250fbf634b1f2860874b14fdf544ce8f4c5764cc83f06
MD5 hash:
10fdcdde8b4ce6736b72c81616c2e5f7
SHA1 hash:
f9f21d0efe7dd38d4913ffda9ebce4442c81e4dc
Link:
https://www.unpac.me/results/795e98ff-344f-4955-a4f7-5d9c6013d45d/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/1489a47a4b67/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/1489a47a4b67219c132250fbf634b1f2860874b14fdf544ce8f4c5764cc83f06

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:cobalt_strike_tmp01925d3f
Create hunting rule
Author:The DFIR Report
Description:files - file ~tmp01925d3f.exe
Reference:https://thedfirreport.com
Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:maldoc_find_kernel32_base_method_1
Create hunting rule
Author:Didier Stevens (https://DidierStevens.com)
Rule name:NET
Create hunting rule
Author:malware-lu

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

MysticStealer

Executable exe 1489a47a4b67219c132250fbf634b1f2860874b14fdf544ce8f4c5764cc83f06

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2719349/
  
Delivery method
Distributed via web download

Comments