mystic | 91cc08eaa2d516fe6b48ecf473dac67146c347e939a09646e1e141008e82003b | Triage

Sharing

General

Target

91cc08eaa2d516fe6b48ecf473dac67146c347e939a09646e1e141008e82003b.exe
Size

652KB
Sample

231124-wtvafseb5s
MD5

f4e05067b330b3af02bcbe478c14dc70
SHA1

dac73148c5ee4176574c51e7429f482a21c0dde6
SHA256

91cc08eaa2d516fe6b48ecf473dac67146c347e939a09646e1e141008e82003b
SHA512

4ee5ff2a6f0150d39968122d2e25cd68839f3f8c085df3a0b11ea2d16a5be583160c38b3d5236b904b50a9657c4f23922eb171ef7819a846c8326bb899228a2d
SSDEEP

12288:EMray90Q5kgF6ABsLF4lZV1xX4dZdXprV8qT7zSrawUGcE3b6QfYBctEQ48:+yb5ku6m6YDvX4dZxJV3v2awUO3b6gt

Score

10^/10

mystic smokeloader backdoor evasion persistence stealer trojan

Malware Config

Extracted

Family

smokeloader

Version

2022

C2

http://77.91.68.29/fks/

rc4.i32

rc4.i32

Targets

- Target
  
  91cc08eaa2d516fe6b48ecf473dac67146c347e939a09646e1e141008e82003b.exe
- Size
  
  652KB
- MD5
  
  f4e05067b330b3af02bcbe478c14dc70
- SHA1
  
  dac73148c5ee4176574c51e7429f482a21c0dde6
- SHA256
  
  91cc08eaa2d516fe6b48ecf473dac67146c347e939a09646e1e141008e82003b
- SHA512
  
  4ee5ff2a6f0150d39968122d2e25cd68839f3f8c085df3a0b11ea2d16a5be583160c38b3d5236b904b50a9657c4f23922eb171ef7819a846c8326bb899228a2d
- SSDEEP
  
  12288:EMray90Q5kgF6ABsLF4lZV1xX4dZdXprV8qT7zSrawUGcE3b6QfYBctEQ48:+yb5ku6m6YDvX4dZxJV3v2awUO3b6gt
Score

10^/10

mystic smokeloader backdoor evasion persistence stealer trojan
- Detect Mystic stealer payload
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mysticsmokeloaderbackdoorevasionpersistencestealertrojan