General

  • Target

    59d67eafd5a20d2f3bd6c34f4d8456dcd6027a3b67ecd16703703d5035f78809

  • Size

    1.1MB

  • Sample

    231006-12pgdsad88

  • MD5

    8f10f4618927f07164e1f0fcfda89c92

  • SHA1

    402f9d190f6b8025d77d7c92a1f9a601e8dff049

  • SHA256

    59d67eafd5a20d2f3bd6c34f4d8456dcd6027a3b67ecd16703703d5035f78809

  • SHA512

    3cc87d1f2c429f0c2d3891b4a7d42c5ef55d875952ff6bdc2065de98906c39abf1c839b5c011edc792ee55d246c2e211fc1c24f64240522f140957f40489ec85

  • SSDEEP

    24576:JynjLi5elw3n135GFN8PI89BrD5jK7TM8FWdPTO:8nK5elw3n15eG5jK7TMeWBT

Malware Config

Targets

    • Detect Mystic stealer payload

    • Modifies Windows Defender Real-time Protection settings

    • Mystic

      Mystic is an infostealer written in C++.

    • Executes dropped EXE

    • Windows security modification

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks