mystic | cf1b7c877498a94f6342840ca8f5be9e2543ee23eaf7269126fddd023f72a3cd | Triage

Submit
Reports

Overview

overview

Static

static

3

NEAS.ba26d...30.exe

windows10-2004-x64

Sharing

General

Target

NEAS.ba26d1fb90c49929e058635655cd7e30.exe
Size

330KB
Sample

231113-fbm6eshh23
MD5

ba26d1fb90c49929e058635655cd7e30
SHA1

aa59a7a0645e8fd5a9be6bae6e749f8e2e6a022a
SHA256

cf1b7c877498a94f6342840ca8f5be9e2543ee23eaf7269126fddd023f72a3cd
SHA512

f26382b696e1469d0e134a5a86430537bf83a2997fc0ba9a6e7912ec46ce913632acee120f3e8205a3f0e771aadb592cff05f48c1f7ace1bb6ce511b3c88e2ba
SSDEEP

6144:Kny+bnr+Tp0yN90QEvPYGozB3ko4Vo6Aw5TpeGYIpAfkNgoZjcP2HE:RMrry90BYGGB3q2FGXHiEjY

Score

10^/10

mystic persistence stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

NEAS.ba26d1fb90c49929e058635655cd7e30.exe

Resource

win10v2004-20231023-en

mystic persistence stealer

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  NEAS.ba26d1fb90c49929e058635655cd7e30.exe
- Size
  
  330KB
- MD5
  
  ba26d1fb90c49929e058635655cd7e30
- SHA1
  
  aa59a7a0645e8fd5a9be6bae6e749f8e2e6a022a
- SHA256
  
  cf1b7c877498a94f6342840ca8f5be9e2543ee23eaf7269126fddd023f72a3cd
- SHA512
  
  f26382b696e1469d0e134a5a86430537bf83a2997fc0ba9a6e7912ec46ce913632acee120f3e8205a3f0e771aadb592cff05f48c1f7ace1bb6ce511b3c88e2ba
- SSDEEP
  
  6144:Kny+bnr+Tp0yN90QEvPYGozB3ko4Vo6Aw5TpeGYIpAfkNgoZjcP2HE:RMrry90BYGGB3q2FGXHiEjY
Score

10^/10

mystic persistence stealer
- Detect Mystic stealer payload
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mysticpersistencestealer

© 2018-2025

Terms | Privacy