mystic | 5ddcb2d54a68d43d740791a408c842be01784123bab7b158ef44e525220650d1 | Triage

Submit
Reports

Overview

overview

Static

static

3

winprofile

windows7-x64

winprofile

windows10-1703-x64

Sharing

Copy URL Twitter E-mail

General

Target

5ddcb2d54a68d43d740791a408c842be01784123bab7b158ef44e525220650d1
Size

1.1MB
Sample

231010-fex5ssah5z
MD5

b4dbfafc61561eb0cba635f1da979d7e
SHA1

ba3c953f699da66eaa311d603532c96b411ac48c
SHA256

5ddcb2d54a68d43d740791a408c842be01784123bab7b158ef44e525220650d1
SHA512

d58433d93db2574d32ef41a7c8fa8c5aef983b7228f037a363b02bf1e7037ef45b3a2ee19db0f437ca1b5c106e0a4dc915147c199b2674efbf1773833df62690
SSDEEP

24576:8yf/aWDXzY9LqmQxBPFEO8e0mD34hMqjvwlHm:r3aeDY9emQxBKRe0YZqjIl

Score

10^/10

mystic evasion persistence stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

5ddcb2d54a68d43d740791a408c842be01784123bab7b158ef44e525220650d1.exe

Resource

win7-20230831-en

mystic evasion persistence stealer trojan

windows7-x64

12 signatures

300 seconds

Behavioral task

behavioral2

Sample

5ddcb2d54a68d43d740791a408c842be01784123bab7b158ef44e525220650d1.exe

Resource

win10-20230915-en

mystic evasion persistence stealer trojan

windows10-1703-x64

11 signatures

300 seconds

Malware Config

Targets

- Target
  
  5ddcb2d54a68d43d740791a408c842be01784123bab7b158ef44e525220650d1
- Size
  
  1.1MB
- MD5
  
  b4dbfafc61561eb0cba635f1da979d7e
- SHA1
  
  ba3c953f699da66eaa311d603532c96b411ac48c
- SHA256
  
  5ddcb2d54a68d43d740791a408c842be01784123bab7b158ef44e525220650d1
- SHA512
  
  d58433d93db2574d32ef41a7c8fa8c5aef983b7228f037a363b02bf1e7037ef45b3a2ee19db0f437ca1b5c106e0a4dc915147c199b2674efbf1773833df62690
- SSDEEP
  
  24576:8yf/aWDXzY9LqmQxBPFEO8e0mD34hMqjvwlHm:r3aeDY9emQxBKRe0YZqjIl
Score

10^/10

mystic evasion persistence stealer trojan
- Detect Mystic stealer payload
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mysticevasionpersistencestealertrojan

behavioral2

mysticevasionpersistencestealertrojan

© 2018-2025

Terms | Privacy