mystic | 40b86bcec2a0a9e559688a2cff6d54b3695e8b077e0b6b35ff4962eacdbc852e

General

Target

40b86bcec2a0a9e559688a2cff6d54b3695e8b077e0b6b35ff4962eacdbc852e
Size

181KB
MD5

fda76e3b9fea9ce34cfd2124652c3ab1
SHA1

e912e6818ca2522d1bcc549c1d0cbf26ce0b0fe0
SHA256

40b86bcec2a0a9e559688a2cff6d54b3695e8b077e0b6b35ff4962eacdbc852e
SHA512

249935e8127f091512066262dc29de96a6a885e6e3c81bd19c220dfcfef9b7f6884c87b887c4d56a51b5cff304361ae885b859df2199da396c202bb1db65b3ed
SSDEEP

3072:BlQdL3eS0Fsz1ENTA4Ub1ZVzrKrg8Y951Sm8hSaYwWP5Cer2cN2j+mjXS2XSPyrf:S3e9qbtrKct9TjViPcNwX2s

Score

10^/10

mystic

Malware Config

Signatures

Detect Mystic stealer payload 1 IoCs

Processes:

resource yara_rule

sample mystic_family
Mystic family
mystic

resource	yara_rule
sample	mystic_family

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
40b86bcec2a0a9e559688a2cff6d54b3695e8b077e0b6b35ff4962eacdbc852e

Files

40b86bcec2a0a9e559688a2cff6d54b3695e8b077e0b6b35ff4962eacdbc852e
.exe windows:5 windows x86 arch:x86

120fcd59b8cf88c88d1af5610e72d569

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteFile
VirtualFree
VirtualAlloc
WaitForSingleObject
CloseHandle
CreateThread
WriteConsoleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
GetCurrentProcess
TerminateProcess
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EncodePointer
RaiseException
GetStdHandle
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
HeapFree
HeapAlloc
HeapReAlloc
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetFileType
GetStringTypeW
GetProcessHeap
HeapSize
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
CreateFileW
DecodePointer

Sections

.text
Size: 138KB - Virtual size: 138KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

120fcd59b8cf88c88d1af5610e72d569

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 138KB - Virtual size: 138KB

.rdata Size: 24KB - Virtual size: 24KB

.data Size: 3KB - Virtual size: 8KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 12KB - Virtual size: 12KB

.text
Size: 138KB - Virtual size: 138KB

.rdata
Size: 24KB - Virtual size: 24KB

.data
Size: 3KB - Virtual size: 8KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 12KB - Virtual size: 12KB