General

  • Target

    491ea217cfe9ac2d50ead1ca4277c043e802de9e48a93539eb6c9d62fbd2012a

  • Size

    1.2MB

  • Sample

    231007-edw1nsbc56

  • MD5

    66fcd8b54d3fbffd90b8455aff436f13

  • SHA1

    e901d57b410e90323c8f3d26c51cb7cfedd6e51b

  • SHA256

    491ea217cfe9ac2d50ead1ca4277c043e802de9e48a93539eb6c9d62fbd2012a

  • SHA512

    49d5c6176460cb9ef743ebfdbb6378e170c8928cf4a59832d998424fee0e7d6bd461d92e02db7812ac2447b25fab2a6ea0e2ba5b217408cad7ef8eb3cd1c0742

  • SSDEEP

    24576:2yLaH2kM9IcbjzzxsN2pFRacD+qDcGPRnCaDCewhU/O3S:FO2V973fxL7RakJReU23

Targets

    • Target

      491ea217cfe9ac2d50ead1ca4277c043e802de9e48a93539eb6c9d62fbd2012a

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
