General

  • Target

    bT4yT64.exe

  • Size

    674KB

  • Sample

    231113-llv7nscc87

  • MD5

    5f4529e5b92bce847226ba446e060db1

  • SHA1

    472d213eaf18ae34644ec0846ce44d12dbe7e406

  • SHA256

    68aefb44cf834f1e1e2379183ae5b862e4d4aecb9d10edee4de83a3e46fc3704

  • SHA512

    f5a9f24914a7979523c0ae66fd0e1b9f83822ca2b079cdc4380508b49d7643facd2a62c77ee69ef0c2346bec8530925d11e6eef4ddf33fd2eb605774f861fee8

  • SSDEEP

    12288:fMray90V0NA0H7Gae/4IC50pCCHGN0PLvYMXiYQbDL6kyBcZb40VQFeRIkI6:ZyAiaaewIsgCQGIgYD7t0iFeR9I6

Malware Config

Extracted

Family

mystic

C2

http://5.42.92.43/loghub/master

Targets

    • Target

      bT4yT64.exe

    • Detect Mystic stealer payload

    • Detected google phishing page

    • Mystic

      Mystic is an infostealer written in C++.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofence check so the payload does not run in excluded regions.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext
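
The indicators in this report (the four file digests, the sample filename and the plaintext HTTP C2 URL) plus the "Adds Run key" behaviour are enough to build a small triage helper. The following is an added example written for this page, not code from the sandbox or from the Mystic operators: it matches file digests against the report's hashes, scans proxy-log lines for the C2 host and path, and flags Run-key writes that reference the sample name. The log and registry-event lines are constructed for the example, as are the SID, the Run value name "Updater" and the log layout; the Run-key value name used by the real sample is not given in the report.

```python
import hashlib
import re
from typing import Dict, List

# Indicators copied from the report above.
IOC_HASHES = {
    "md5": "5f4529e5b92bce847226ba446e060db1",
    "sha1": "472d213eaf18ae34644ec0846ce44d12dbe7e406",
    "sha256": "68aefb44cf834f1e1e2379183ae5b862e4d4aecb9d10edee4de83a3e46fc3704",
    "sha512": "f5a9f24914a7979523c0ae66fd0e1b9f83822ca2b079cdc4380508b49d7643fa"
              "cd2a62c77ee69ef0c2346bec8530925d11e6eef4ddf33fd2eb605774f861fee8",
}
SAMPLE_NAME = "bT4yT64.exe"
C2_HOST = "5.42.92.43"          # from http://5.42.92.43/loghub/master
C2_PATH = "/loghub/master"

# Constructed proxy log (timestamp, client, method, URL, status); not real traffic.
PROXY_LOG = """\
2023-11-13T10:02:11Z 10.0.0.15 GET http://5.42.92.43/loghub/master 200
2023-11-13T10:02:15Z 10.0.0.15 GET http://example.com/index.html 200
2023-11-13T10:03:40Z 10.0.0.22 POST http://5.42.92.43/loghub/master 200
"""

# Constructed Sysmon-style registry-set events (EventID 13); SID and value name are made up.
REG_EVENTS = """\
EventID=13 TargetObject=HKU\\S-1-5-21-1111111111-2222222222-3333333333-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater Details=C:\\Users\\user\\AppData\\Roaming\\bT4yT64.exe
EventID=13 TargetObject=HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\OneDrive Details=C:\\Program Files\\OneDrive.exe
"""


def digest_bytes(data: bytes) -> Dict[str, str]:
    """Compute the four digests the report lists, as lower-case hex."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in IOC_HASHES}


def digest_file(path: str, chunk: int = 1 << 20) -> Dict[str, str]:
    """Stream a file through all four hashers at once (one read pass)."""
    hashers = {alg: hashlib.new(alg) for alg in IOC_HASHES}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def match_hashes(digests: Dict[str, str]) -> List[str]:
    """Return the algorithms whose digest equals the report's value (case-insensitive)."""
    return sorted(alg for alg, val in digests.items()
                  if IOC_HASHES.get(alg) == val.lower())


URL_RE = re.compile(r"https?://([^/\s:]+)(?::\d+)?(/\S*)?")


def find_c2_hits(log_text: str) -> List[dict]:
    """Flag any request to the C2 host; mark whether the path is the exact C2 URL.

    Matching on the host alone catches a changed path on the same server, which is
    why the exact-path flag is reported separately rather than used as the filter.
    """
    hits = []
    for line in log_text.splitlines():
        m = URL_RE.search(line)
        if not m:
            continue
        host, path = m.group(1), m.group(2) or "/"
        if host == C2_HOST:
            hits.append({"line": line, "exact_c2": path == C2_PATH})
    return hits


RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run\\", re.IGNORECASE)


def find_run_key_persistence(events: str) -> List[str]:
    """Return the command values of Run-key writes that reference the sample filename."""
    found = []
    for line in events.splitlines():
        if RUN_KEY_RE.search(line) and SAMPLE_NAME.lower() in line.lower():
            details = line.split("Details=", 1)[1] if "Details=" in line else line
            found.append(details.strip())
    return found


if __name__ == "__main__":
    print("hash match on unrelated bytes:", match_hashes(digest_bytes(b"not the sample")))
    print("C2 hits:", find_c2_hits(PROXY_LOG))
    print("Run-key persistence:", find_run_key_persistence(REG_EVENTS))
```

Because the C2 is plain HTTP on a bare IP, the host and path are visible to any proxy or NetFlow-with-URL source; the host-only match is deliberately broad so that a renamed endpoint on the same server is still surfaced. The Run-key check keys on the sample filename only because the report does not name the dropped file or the value it writes; substitute those once you have them from your own detonation.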
