mystic | f6c7ecc392ef69426a3a7b3ec2fae185a91cfadd2101a9d98b0922b814b4d710 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f6c7ecc392ef69426a3a7b3ec2fae185a91cfadd2101a9d98b0922b814b4d710
Size

955KB
Sample

230923-ayyb1sda42
MD5

d90a3af568fa59010eea27c53b1a4361
SHA1

1d158efbecc2f663c8ba5f5538d7cb7a63b8a277
SHA256

f6c7ecc392ef69426a3a7b3ec2fae185a91cfadd2101a9d98b0922b814b4d710
SHA512

3a09ac3264db98a01748ad581fc0b8b44f84b1d2ceae58c8bc68c58dae3823e9fe6412a64e6f1dc784950fbadaddc52b983041d503d0fadd69a09648d6ab37e8
SSDEEP

24576:vyuA6Ol+/D+DDiPH7Wa4oNnblG5nLQBsMGWoQP:6uA6Ol+/GDgH7LjpSQB7GWo

Score

10^/10

mystic persistence stealer

Malware Config

Targets

- Target
  
  f6c7ecc392ef69426a3a7b3ec2fae185a91cfadd2101a9d98b0922b814b4d710
- Size
  
  955KB
- MD5
  
  d90a3af568fa59010eea27c53b1a4361
- SHA1
  
  1d158efbecc2f663c8ba5f5538d7cb7a63b8a277
- SHA256
  
  f6c7ecc392ef69426a3a7b3ec2fae185a91cfadd2101a9d98b0922b814b4d710
- SHA512
  
  3a09ac3264db98a01748ad581fc0b8b44f84b1d2ceae58c8bc68c58dae3823e9fe6412a64e6f1dc784950fbadaddc52b983041d503d0fadd69a09648d6ab37e8
- SSDEEP
  
  24576:vyuA6Ol+/D+DDiPH7Wa4oNnblG5nLQBsMGWoQP:6uA6Ol+/GDgH7LjpSQB7GWo
Score

10^/10

mystic persistence stealer
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mysticpersistencestealer

behavioral2