mystic | 133ffd208590757b718612dcae6f0628cbd20c703cf6069d0a28e3995f41ed18 | Triage

Sharing

General

Target

133ffd208590757b718612dcae6f0628cbd20c703cf6069d0a28e3995f41ed18
Size

1.2MB
Sample

231006-na66xaag8v
MD5

4a0dad2ecc14ef6780ebf2993471d081
SHA1

6b4ac1a844b67cca49063c2603617bac7fb49c56
SHA256

133ffd208590757b718612dcae6f0628cbd20c703cf6069d0a28e3995f41ed18
SHA512

8d54c44a114844228004795e122c70b751ac6320dd031c0e21142b4990e2d0b83a828375aeef8ce43e6088f5e618dfcc6aa84f146dc732366e27838e39b10d45
SSDEEP

24576:UyAwzcK8W3xgdqLaDpi1psNKpUORsDUMuWa2:jAwzcKUq4iTsKUORsAMR

Score

10^/10

mystic evasion persistence stealer trojan

Malware Config

Targets

- Target
  
  133ffd208590757b718612dcae6f0628cbd20c703cf6069d0a28e3995f41ed18
- Size
  
  1.2MB
- MD5
  
  4a0dad2ecc14ef6780ebf2993471d081
- SHA1
  
  6b4ac1a844b67cca49063c2603617bac7fb49c56
- SHA256
  
  133ffd208590757b718612dcae6f0628cbd20c703cf6069d0a28e3995f41ed18
- SHA512
  
  8d54c44a114844228004795e122c70b751ac6320dd031c0e21142b4990e2d0b83a828375aeef8ce43e6088f5e618dfcc6aa84f146dc732366e27838e39b10d45
- SSDEEP
  
  24576:UyAwzcK8W3xgdqLaDpi1psNKpUORsDUMuWa2:jAwzcKUq4iTsKUORsAMR
Score

10^/10

mystic evasion persistence stealer trojan
- Detect Mystic stealer payload
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mysticevasionpersistencestealertrojan