MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 14b2b6e14df588632914426d8f03216840e4bbb7b0db8dd37a7a9bb2323f038b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MysticStealer


Vendor detections: 11


Intelligence 11 IOCs YARA 4 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 14b2b6e14df588632914426d8f03216840e4bbb7b0db8dd37a7a9bb2323f038b
SHA3-384 hash: d49320ee0a93db99d3b415948c8006af1a8c8072b5cd70fd7437c299a885b0808014400e716c3f52a2df15ae77a91871
SHA1 hash: c8d6d055941001be7246f2ba72797b43784e2c5f
MD5 hash: 9e11c9944af2b6f2211c2e9feeb6d3a3
humanhash: ohio-sweet-nitrogen-paris
File name:SecuriteInfo.com.Trojan.Inject4.62396.8051.14899
Download: download sample
Signature MysticStealer
Create hunting rule
File size:1'104'896 bytes
First seen:2023-10-12 21:45:03 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 4c2ede2d1d1824f0fded580996722f5f (19 x MysticStealer, 15 x RedLineStealer, 13 x Smoke Loader)
ssdeep 12288:Zobm4/qx4e1wW/OJ7XG0KcJjIi5i52gmdS/uHoGXsNmsc8e6m0:Zn4/qx4e1wW/kVbL5i5OCmsc8e6
Threatray 503 similar samples on MalwareBazaar
TLSH T1D1359D307C849472EDE221B747ECBA6986BDE4B0031952CF46D81BEED7645C26F33686
TrID 47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
15.9% (.EXE) Win64 Executable (generic) (10523/12/4)
9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
7.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
6.8% (.EXE) Win32 Executable (generic) (4505/5/1)
Reporter SecuriteInfoCom
Tags:exe MysticStealer

Intelligence

File Origin
# of uploads :
1
# of downloads :
315
Origin country :
FR FR
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
SecuriteInfo.com.Trojan.Inject4.62396.8051.14899
Verdict:
Malicious activity
Analysis date:
2023-10-12 21:46:08 UTC
Tags:
stealc stealer
Link:
https://app.any.run/tasks/01582200-8d94-4656-aec4-132ef9b4354c

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/453963/
Detection(s):
SecuriteInfo.com.Trojan.Inject4.62396.8051.14899.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Launching a process
Сreating synchronization primitives
Launching the default Windows debugger (dwwin.exe)
Unauthorized injection to a system process
Gathering data
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
control greyware lolbin mokes
Link:
https://www.filescan.io/uploads/652868e5c51de9263e5968a9/reports/49e4281f-e18d-4572-b3ce-98602959ebb0/overview
Verdict:
Malicious
Labled as:
Injector.ETFD trojan
Link:
https://www.hybrid-analysis.com/sample/14b2b6e14df588632914426d8f03216840e4bbb7b0db8dd37a7a9bb2323f038b
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Conti
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/79d7c031-4869-4f62-93e7-dcd6b7f383f5
Result
Threat name:
Mystic Stealer
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
80 / 100
Link:
https://www.joesandbox.com/analysis/1324989
Signature
Allocates memory in foreign processes
Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Contains functionality to inject code into remote processes
Injects a PE file into a foreign processes
Writes to foreign memory regions
Yara detected Mystic Stealer
Behaviour
Behavior Graph:
Download SVG
Score:
95%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/14b2b6e14df588632914426d8f03216840e4bbb7b0db8dd37a7a9bb2323f038b
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/14b2b6e14df588632914426d8f03216840e4bbb7b0db8dd37a7a9bb2323f038b/
Threat name:
Win32.Trojan.RedLine
Create hunting rule
Status:
Malicious
First seen:
2023-10-12 21:46:06 UTC
File Type:
PE (Exe)
AV detection:
17 of 23 (73.91%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=cszlnykn6weggkiuijwy6azbnbaojo5xwdny3u32pkn3emr7aofq._file
Verdict:
unknown
Similar samples:
100eb231b26072a964ce1c37eaedac6c132d272d5e23e0480bfd769c39389a0a
MysticStealer
108f3dbcb2740920743bf7b8c05afb2c142f2a2a8850f2f68fc9af2c01a87f71
MysticStealer
4152cd3aeeebb927e6c14da59f6868d801dc8a30f04f20b25e3e76ed8a7191ae
MysticStealer
77d0e697edfe2dfa3fbff5f5245f57bb56469c46761a9b9dff34b6599e11f68a
MysticStealer
92f3280ebdf20d06d948c1e2d596339d731b305b642f2be65a57499c2f0ec4ea
MysticStealer
94858366f885da7ca7f94d9b101c218e25fb6dead470a9e218e7fc6545a2d0d2
MysticStealer
98d0806281d676bae1d65ca55e0a604f552b53fb6003a622326c54dbc0115996
MysticStealer
e4aa33b217985fd838d0ec580faadbdd617b0fca51a0d0ecd1f8060f4ef351ac
MysticStealer
e8c8adcc3b28d2fbf045214df0549ee9f0980954f4406f941c9e450a5f4e9111
MysticStealer
f1a8814c14895928072473c75ed6d1ce167a85b17689725bada2d164706088b1
MysticStealer
+ 493 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/231012-1l4alsdg94/
Behaviour
Suspicious use of WriteProcessMemory
Program crash
Suspicious use of SetThreadContext
Unpacked files
SH256 hash:
1293d50b7f652dac9c871a22edbb00592b327e8b55fc98c6bebb5c681436c469
MD5 hash:
c9b6749b108027eccfd99a5c32462428
SHA1 hash:
55be6c256e50160137962a721917ff71716d791a
Link:
https://www.unpac.me/results/fcc876aa-7d4f-458a-b60a-8edb3b968d05/
SH256 hash:
14b2b6e14df588632914426d8f03216840e4bbb7b0db8dd37a7a9bb2323f038b
MD5 hash:
9e11c9944af2b6f2211c2e9feeb6d3a3
SHA1 hash:
c8d6d055941001be7246f2ba72797b43784e2c5f
Link:
https://www.unpac.me/results/fcc876aa-7d4f-458a-b60a-8edb3b968d05/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/14b2b6e14df5/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:DebuggerException__SetConsoleCtrl
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:maldoc_find_kernel32_base_method_1
Create hunting rule
Author:Didier Stevens (https://DidierStevens.com)
Rule name:NET
Create hunting rule
Author:malware-lu

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

MysticStealer

Executable exe 14b2b6e14df588632914426d8f03216840e4bbb7b0db8dd37a7a9bb2323f038b

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/453963/
  
URLhaus
https://urlhaus.abuse.ch/url/2719349/
  
Delivery method
Distributed via web download

Comments