General
-
Target
1a7ddd2247df95cd96df8cde4891bd49aae71cc43f0b43db3c0f6f425e1b3dd6
-
Size
1.2MB
-
Sample
231006-npl5aada63
-
MD5
0f531bdad60026a1b9304cfbb5b5c079
-
SHA1
44e11a66828cc96fddaf20be14ea2875e230383b
-
SHA256
1a7ddd2247df95cd96df8cde4891bd49aae71cc43f0b43db3c0f6f425e1b3dd6
-
SHA512
8bd83c43d51aa6ee4c0056055e6fbd1dc7d51a1cacc41bf1b1909899991ec9e360be12824a280b132af5640edfd84291e8892b5dd26b0ef0e3caf9f70b6fbed3
-
SSDEEP
24576:sy/EK3lnTtRxhyU4zECrhJq2k3ony+g/QiU2bh5U:b/blhRxhyUxahJqCnsQi
Static task
static1
Behavioral task
behavioral1
Sample
1a7ddd2247df95cd96df8cde4891bd49aae71cc43f0b43db3c0f6f425e1b3dd6.exe
Resource
win10-20230915-en
Malware Config
Targets
Score
10/10
-
Detect Mystic stealer payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Create or Modify System Process (1)
Windows Service (1)