mystic | 1240f15e2fdda104596dc3bdbb8f8fd2424d0b20c8a45b625ca26b6fc0aefef8 | Triage

Submit
Reports

Overview

overview

Static

static

3

NEAS.dbcba...d0.exe

windows10-2004-x64

Sharing

General

Target

NEAS.dbcbae29506904c50e7b6ce4ce45f2d0.exe
Size

658KB
Sample

231116-187xbabd8s
MD5

dbcbae29506904c50e7b6ce4ce45f2d0
SHA1

f56c5ebdc54a473d3402736e0ce337f43abe9aab
SHA256

1240f15e2fdda104596dc3bdbb8f8fd2424d0b20c8a45b625ca26b6fc0aefef8
SHA512

3d7077fbba114cc51667c23c94eceb0a18738259fa0cdfe856c45bc1543b6d8468d49b22c03eec62829d28c2e059f262e2a7d2cc92ee1baedc7a0f716d9e113b
SSDEEP

12288:wMrBy90r0NA0H7Gae/4IC50pCCHGN0PLvYMXiYQbDL6+vYOsL3Coznr9KMBF:hy+iaaewIsgCQGIgYDmH1ojrT3

Score

10^/10

mystic paypal persistence phishing stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

NEAS.dbcbae29506904c50e7b6ce4ce45f2d0.exe

Resource

win10v2004-20231020-en

mystic paypal persistence phishing stealer

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  NEAS.dbcbae29506904c50e7b6ce4ce45f2d0.exe
- Size
  
  658KB
- MD5
  
  dbcbae29506904c50e7b6ce4ce45f2d0
- SHA1
  
  f56c5ebdc54a473d3402736e0ce337f43abe9aab
- SHA256
  
  1240f15e2fdda104596dc3bdbb8f8fd2424d0b20c8a45b625ca26b6fc0aefef8
- SHA512
  
  3d7077fbba114cc51667c23c94eceb0a18738259fa0cdfe856c45bc1543b6d8468d49b22c03eec62829d28c2e059f262e2a7d2cc92ee1baedc7a0f716d9e113b
- SSDEEP
  
  12288:wMrBy90r0NA0H7Gae/4IC50pCCHGN0PLvYMXiYQbDL6+vYOsL3Coznr9KMBF:hy+iaaewIsgCQGIgYDmH1ojrT3
Score

10^/10

mystic paypal persistence phishing stealer
- Detect Mystic stealer payload
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- Executes dropped EXE
- Adds Run key to start application
  persistence
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Detected potential entity reuse from brand paypal.
  phishing paypal
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mysticpaypalpersistencephishingstealer

© 2018-2025

Terms | Privacy