mystic | 53d1e4a992d0e1e7fb5d626d98b4a2c53d05e2b7aa357493749b03b320781e4d | Triage

Sharing

General

Target

4fcea54a9c17fac90f3b6b0d80308d5f2b7ae10c2bf51e495aed311cf2dee18a.zip
Size

1.2MB
Sample

240402-l7g7yaec6w
MD5

9b257c436f983a8542ede8ab2f9cd903
SHA1

9a3737566ec3e7c628841c20c5c5fcd08226c4cf
SHA256

53d1e4a992d0e1e7fb5d626d98b4a2c53d05e2b7aa357493749b03b320781e4d
SHA512

ad2ed5a0fa4df46639dd417032ce09eaaebb093e1a00f1410a706d86946fe1024c9c6e4f73112449a1da814b914f0591f0dd17309362e0f4d52d78a8a16d59db
SSDEEP

24576:m5rLaFMrlMb0uL2b5PTsCmMAwk72fO07vdxBfPLgMjGPe8SfuT:Dj/L211Awk72fO0zd3kPOfuT

Score

10^/10

mystic smokeloader backdoor evasion persistence stealer trojan

Malware Config

Extracted

Family

smokeloader

Version

2022

C2

http://77.91.68.29/fks/

rc4.i32

rc4.i32

Targets

- Target
  
  4fcea54a9c17fac90f3b6b0d80308d5f2b7ae10c2bf51e495aed311cf2dee18a.exe
- Size
  
  1.3MB
- MD5
  
  28da1699191ac8a7caf7f6dabe7cf475
- SHA1
  
  681fadf79f8a1cd021e5d60d96928bce8efeb950
- SHA256
  
  4fcea54a9c17fac90f3b6b0d80308d5f2b7ae10c2bf51e495aed311cf2dee18a
- SHA512
  
  de4df88d6a87ae40206c0db9d0605f484ae85e115ff8c162ff5634273de85b5e81b96f95ade69c6043b8d37edadedfc9d9513982203bb3118d083c4a4f683d4b
- SSDEEP
  
  24576:IyujT5rYFSSOo757Kj+i+WXC2n08QAm7W7Q4CVrz3LYdf:PSG0Sr1Ki9WXf0x7W7kfy
Score

10^/10

mystic smokeloader backdoor evasion persistence stealer trojan
- Detect Mystic stealer payload
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mysticsmokeloaderbackdoorevasionpersistencestealertrojan