mystic | 8fe46c7fa8f9aa4bf64dbc0fa9a1035875d7c94d139418284754473cc93dbe3b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8fe46c7fa8f9aa4bf64dbc0fa9a1035875d7c94d139418284754473cc93dbe3b
Size

1.2MB
Sample

231007-a3893sag96
MD5

bee9d99ecef94f358964129388df01b0
SHA1

828bcb3d3ed8de9b20d11206b81c837781695348
SHA256

8fe46c7fa8f9aa4bf64dbc0fa9a1035875d7c94d139418284754473cc93dbe3b
SHA512

d437f45bc4606f0b1ef8146fb59b69dfe5e0d2bc234b1ba15761e533fbb2e8d5b62c6e865994ad338e69f81716b9ceab4d6a9c8c0d71f454514e607642727e55
SSDEEP

24576:VyGLW/wF2kZsHM8n7mQ4B6kAyQgNROuaNpszalvbF/Tm46Kp0Jkpd:wGa/CxqHJV4B6kAyQYHaNezqp/S46Km

Score

10^/10

mystic evasion persistence stealer trojan

Malware Config

Targets

- Target
  
  8fe46c7fa8f9aa4bf64dbc0fa9a1035875d7c94d139418284754473cc93dbe3b
- Size
  
  1.2MB
- MD5
  
  bee9d99ecef94f358964129388df01b0
- SHA1
  
  828bcb3d3ed8de9b20d11206b81c837781695348
- SHA256
  
  8fe46c7fa8f9aa4bf64dbc0fa9a1035875d7c94d139418284754473cc93dbe3b
- SHA512
  
  d437f45bc4606f0b1ef8146fb59b69dfe5e0d2bc234b1ba15761e533fbb2e8d5b62c6e865994ad338e69f81716b9ceab4d6a9c8c0d71f454514e607642727e55
- SSDEEP
  
  24576:VyGLW/wF2kZsHM8n7mQ4B6kAyQgNROuaNpszalvbF/Tm46Kp0Jkpd:wGa/CxqHJV4B6kAyQYHaNezqp/S46Km
Score

10^/10

mystic evasion persistence stealer trojan
- Detect Mystic stealer payload
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mysticevasionpersistencestealertrojan