General
-
Target
3366934fd27fb24f71b0785f360d15c44ce18225d69e0b944d2a743b247b862d
-
Size
1.7MB
-
Sample
231004-zt8pmafa91
-
MD5
5beb0c5583fad02dc696e61d91071dc2
-
SHA1
070ae8f1ea96076208b7cb635fb3d9964c849b30
-
SHA256
3366934fd27fb24f71b0785f360d15c44ce18225d69e0b944d2a743b247b862d
-
SHA512
42caa0d748fba450926602481e2d473fcf45f2f35c354d0e3792212fe021c94619f08fcddd39bb0a1f457968da727df06217784ea30d220d13b975b31f9e1474
-
SSDEEP
49152:VAlzXjrB6QMyMnTWtjIPErIHW2TCacIGQh:ylzTrwkMTWtgmjQ
Malware Config
Targets
-
-
Target
3366934fd27fb24f71b0785f360d15c44ce18225d69e0b944d2a743b247b862d
-
Size
1.7MB
-
MD5
5beb0c5583fad02dc696e61d91071dc2
-
SHA1
070ae8f1ea96076208b7cb635fb3d9964c849b30
-
SHA256
3366934fd27fb24f71b0785f360d15c44ce18225d69e0b944d2a743b247b862d
-
SHA512
42caa0d748fba450926602481e2d473fcf45f2f35c354d0e3792212fe021c94619f08fcddd39bb0a1f457968da727df06217784ea30d220d13b975b31f9e1474
-
SSDEEP
49152:VAlzXjrB6QMyMnTWtjIPErIHW2TCacIGQh:ylzTrwkMTWtgmjQ
Score10/10-
Detect Mystic stealer payload
-
Modifies Windows Defender Real-time Protection settings
-
Mystic
Mystic is an infostealer written in C++.
-
Executes dropped EXE
-
Windows security modification
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1