mystic | 018c045f9decf0a3fb68eb27e65d93a82c238fdad9fa23420f84aa6498639d3e | Triage

Sharing

General

Target

018c045f9decf0a3fb68eb27e65d93a82c238fdad9fa23420f84aa6498639d3e
Size

1.0MB
Sample

231012-h95jgaga39
MD5

5bc42c99f044fc7479426fc72e1175d1
SHA1

a86a20a5eee3f6fedb886549e55b5e337537196a
SHA256

018c045f9decf0a3fb68eb27e65d93a82c238fdad9fa23420f84aa6498639d3e
SHA512

8ecf76609e60a30832cda5458b973e150c3ccfc41ec8c7ad9c029a65fecf316eb89e1cf45c01f7af250f9c50399bbf750c8d1044b39fd5f40200343a8ea3a577
SSDEEP

24576:ry+FqSdi5ICwoaixOwwCjL25RL5f1y4gErb8q8cWEmuR3xE:e+tdU0oaNXCfaRL5fYcwq8omuR3x

Score

10^/10

mystic persistence stealer

Malware Config

Extracted

Family

mystic

C2

http://5.42.92.211/loghub/master

Targets

- Target
  
  018c045f9decf0a3fb68eb27e65d93a82c238fdad9fa23420f84aa6498639d3e
- Size
  
  1.0MB
- MD5
  
  5bc42c99f044fc7479426fc72e1175d1
- SHA1
  
  a86a20a5eee3f6fedb886549e55b5e337537196a
- SHA256
  
  018c045f9decf0a3fb68eb27e65d93a82c238fdad9fa23420f84aa6498639d3e
- SHA512
  
  8ecf76609e60a30832cda5458b973e150c3ccfc41ec8c7ad9c029a65fecf316eb89e1cf45c01f7af250f9c50399bbf750c8d1044b39fd5f40200343a8ea3a577
- SSDEEP
  
  24576:ry+FqSdi5ICwoaixOwwCjL25RL5f1y4gErb8q8cWEmuR3xE:e+tdU0oaNXCfaRL5fYcwq8omuR3x
Score

10^/10

mystic persistence stealer
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mysticpersistencestealer

behavioral2