mystic | 19e4e574510ebc70c450efc7c86fcceebbe586f73023a565e32b7780f75c15b5 | Triage

Sharing

General

Target

19e4e574510ebc70c450efc7c86fcceebbe586f73023a565e32b7780f75c15b5
Size

927KB
Sample

231012-bzlv2sac64
MD5

cbae5f9680f83a68960c45b2daa763d8
SHA1

428fc54e6d6c97f53fee2cbf052372f61e7fffcc
SHA256

19e4e574510ebc70c450efc7c86fcceebbe586f73023a565e32b7780f75c15b5
SHA512

f6b98441c3f5b2c00e03e740cd679757ab061b2d2a1ea88c5efa81c3d5008e4b5a4a8b649dca0cd73a28ecc253d0d6b5f8852a88c508f7420e83c1a6d76d2026
SSDEEP

24576:eyrlSPZN3a/0FBdjbY06dqag4+jm9u5jT:trlWj/fCp

Score

10^/10

mystic persistence stealer

Malware Config

Extracted

Family

mystic

C2

http://5.42.92.211/loghub/master

Targets

- Target
  
  19e4e574510ebc70c450efc7c86fcceebbe586f73023a565e32b7780f75c15b5
- Size
  
  927KB
- MD5
  
  cbae5f9680f83a68960c45b2daa763d8
- SHA1
  
  428fc54e6d6c97f53fee2cbf052372f61e7fffcc
- SHA256
  
  19e4e574510ebc70c450efc7c86fcceebbe586f73023a565e32b7780f75c15b5
- SHA512
  
  f6b98441c3f5b2c00e03e740cd679757ab061b2d2a1ea88c5efa81c3d5008e4b5a4a8b649dca0cd73a28ecc253d0d6b5f8852a88c508f7420e83c1a6d76d2026
- SSDEEP
  
  24576:eyrlSPZN3a/0FBdjbY06dqag4+jm9u5jT:trlWj/fCp
Score

10^/10

mystic persistence stealer
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mysticpersistencestealer

behavioral2