Analysis

  • max time kernel
    149s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    11/10/2023, 05:27

General

  • Target
    0d358c430f94b2eda8114142219f2a94.exe
  • Size
    356KB
  • MD5
    0d358c430f94b2eda8114142219f2a94
  • SHA1
    0b902e4fff9ecae989869750a535116a80cc364e
  • SHA256
    cc92de366cb49d9c9de26dd8a480cb350e645878df652f776ba424f4053203b1
  • SHA512
    54b490a60ff75d3860ffe7c2da7216205587656ff1a8d83e6e1de6e79bad05ae2b16702cb88e1bbe834af95e23b381cef1956348abba757461d9a946c3f7dc55
  • SSDEEP
    6144:waTeW/s5GqrO5aXnfEGIXWPvZAOAyVyjzQMRq0+TG5Utr27mv6iQhiIcubKDVs0z:ymcGqrOk86xUtrmBs0BC+

Score
10/10

Malware Config

Extracted

  • Family
    mystic
  • C2
    http://5.42.92.211/loghub/master

Signatures

  • Detect Mystic stealer payload (5 IoCs)
  • Mystic
    Mystic is an infostealer written in C++.
  • Suspicious use of SetThreadContext (1 IoC)
  • Program crash (1 IoC)
  • Suspicious use of WriteProcessMemory (19 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\0d358c430f94b2eda8114142219f2a94.exe
    "C:\Users\Admin\AppData\Local\Temp\0d358c430f94b2eda8114142219f2a94.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:3916
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
      2⤵
      PID:3804
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
      2⤵
      PID:396
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
      2⤵
      PID:372
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
      2⤵
      PID:3108
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3916 -s 300
      2⤵
      • Program crash
      PID:2512
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 3916 -ip 3916
    1⤵
    PID:2744

Network

MITRE ATT&CK Matrix

Downloads

  • memory/3108-0-0x0000000000400000-0x0000000000428000-memory.dmp
    Filesize
    160KB
  • memory/3108-1-0x0000000000400000-0x0000000000428000-memory.dmp
    Filesize
    160KB
  • memory/3108-2-0x0000000000400000-0x0000000000428000-memory.dmp
    Filesize
    160KB
  • memory/3108-3-0x0000000000400000-0x0000000000428000-memory.dmp
    Filesize
    160KB
  • memory/3108-4-0x0000000000400000-0x0000000000428000-memory.dmp
    Filesize
    160KB