mystic | 1bababe70d37dad8e1ec631237073d7086d164e23b3d37e323d8c817cc9ca2a9 | Triage

Submit
Reports

Overview

overview

Static

static

3

winprofile

windows7-x64

winprofile

windows10-1703-x64

Sharing

Copy URL Twitter E-mail

General

Target

1bababe70d37dad8e1ec631237073d7086d164e23b3d37e323d8c817cc9ca2a9
Size

1.2MB
Sample

231008-172nxagd4x
MD5

f332479ac7a5c4a57440f23b530d36d2
SHA1

a11896f34b9884a98bcf381a193ee3be88b48c88
SHA256

1bababe70d37dad8e1ec631237073d7086d164e23b3d37e323d8c817cc9ca2a9
SHA512

8a38fb020893fbb3bcb18c32d532d374c13a6983b50f9a8fa2c8d2ba34717a3c118ec96ccd6005f36b55b3d80466016fe7dbc078bad9e1656eef8809cd5f0cda
SSDEEP

24576:Xyi4GEw3gg2gj29jD3zE4wgD3kUR0YMLg6H5DtCh96:iEEOgg9G9w2MLh5Dtk9

Score

10^/10

mystic persistence stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1bababe70d37dad8e1ec631237073d7086d164e23b3d37e323d8c817cc9ca2a9.exe

Resource

win7-20230831-en

mystic persistence stealer

windows7-x64

8 signatures

300 seconds

Behavioral task

behavioral2

Sample

1bababe70d37dad8e1ec631237073d7086d164e23b3d37e323d8c817cc9ca2a9.exe

Resource

win10-20230915-en

mystic persistence stealer

windows10-1703-x64

7 signatures

300 seconds

Malware Config

Targets

- Target
  
  1bababe70d37dad8e1ec631237073d7086d164e23b3d37e323d8c817cc9ca2a9
- Size
  
  1.2MB
- MD5
  
  f332479ac7a5c4a57440f23b530d36d2
- SHA1
  
  a11896f34b9884a98bcf381a193ee3be88b48c88
- SHA256
  
  1bababe70d37dad8e1ec631237073d7086d164e23b3d37e323d8c817cc9ca2a9
- SHA512
  
  8a38fb020893fbb3bcb18c32d532d374c13a6983b50f9a8fa2c8d2ba34717a3c118ec96ccd6005f36b55b3d80466016fe7dbc078bad9e1656eef8809cd5f0cda
- SSDEEP
  
  24576:Xyi4GEw3gg2gj29jD3zE4wgD3kUR0YMLg6H5DtCh96:iEEOgg9G9w2MLh5Dtk9
Score

10^/10

mystic persistence stealer
- Detect Mystic stealer payload
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mysticpersistencestealer

behavioral2

mysticpersistencestealer

© 2018-2025

Terms | Privacy