General
-
Target
NEAS.ccb17e5b9e9fb676e0c501f829d4d830.exe
-
Size
574KB
-
Sample
231116-nysy7abd86
-
MD5
ccb17e5b9e9fb676e0c501f829d4d830
-
SHA1
4a10b5b1bb705927ed1d4950661a86af09cd6e7a
-
SHA256
a1d6b57cc70975aa60113ebb58149b75915df230f1a1795f1ad79a5e58b7e4dd
-
SHA512
c78e612ce1e2a1197c228c136f2909842140272cfb28fe4fecea98718104e48038ea1583e4ea669575a9755c2443815bb0636b0d86deff5bb655b4f55ca667f5
-
SSDEEP
12288:zMray90dPOw+DFYZrOQb2iDp0DfyO6Z9nuFMYDHluACg5:py3lD6ZyQb2iD2byOE2RDLV
Malware Config
Targets
-
-
Target
NEAS.ccb17e5b9e9fb676e0c501f829d4d830.exe
-
Size
574KB
-
MD5
ccb17e5b9e9fb676e0c501f829d4d830
-
SHA1
4a10b5b1bb705927ed1d4950661a86af09cd6e7a
-
SHA256
a1d6b57cc70975aa60113ebb58149b75915df230f1a1795f1ad79a5e58b7e4dd
-
SHA512
c78e612ce1e2a1197c228c136f2909842140272cfb28fe4fecea98718104e48038ea1583e4ea669575a9755c2443815bb0636b0d86deff5bb655b4f55ca667f5
-
SSDEEP
12288:zMray90dPOw+DFYZrOQb2iDp0DfyO6Z9nuFMYDHluACg5:py3lD6ZyQb2iD2byOE2RDLV
Score10/10-
Detect Mystic stealer payload
-
Modifies Windows Defender Real-time Protection settings
-
Mystic
Mystic is an infostealer written in C++.
-
Executes dropped EXE
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1