mystic | 3fddbb1985d4278f4a8f7ddbeab188a3a36a24d156d6cb47a103efab71e5f67b | Triage

Sharing

General

Target

3fddbb1985d4278f4a8f7ddbeab188a3a36a24d156d6cb47a103efab71e5f67b
Size

678KB
Sample

240417-qb6ymsge99
MD5

70c4ec96559ef22e545d2d09f5f31415
SHA1

649f5984a6dfb3c4b7ac6ed6bd89c12fad1e2558
SHA256

3fddbb1985d4278f4a8f7ddbeab188a3a36a24d156d6cb47a103efab71e5f67b
SHA512

860d68d42992608aaa41e508a2a5fe73386f090a3c5bed3dbcc45c30a4b989c02d82da982903bc0be135c1babdbcb22c8de099847b8346f2dfbbe431e160f9f1
SSDEEP

12288:u5JjgkUvs0p66cfV76rstigUhNx3isOQ8nB+xjGMntiCh7AL8RZ8P:KJjgf0ERcfV76wuz3TOZAZntxTL8P

Score

10^/10

mystic smokeloader backdoor evasion persistence stealer trojan

Malware Config

Targets

- Target
  
  088a62b3ab8a6cb9e8c78e220d8aec5b8ed463d91a3309299e17a2e90af11aea.exe
- Size
  
  721KB
- MD5
  
  1682ace070b7498115d27c779d4d41e5
- SHA1
  
  1a2c3384b780cda0688ff7ffc4a53d3de35fde12
- SHA256
  
  088a62b3ab8a6cb9e8c78e220d8aec5b8ed463d91a3309299e17a2e90af11aea
- SHA512
  
  0d593cd2dbe498fc270273c8f78f9b9f8e836245b564454d3cdc45747643a04d06055a7b4cf90d81dc76d5f533c6f2be14f355e9d8a2212b6e6edffb32ad7213
- SSDEEP
  
  12288:jMrwy90ZmDRb95JLu/m3kDmURMr20yALGFUM3jeueRDY0mUTR4dptCBXIc6b:ryb5SmUDmU02HAqh6FdqpkBp6b
Score

10^/10

mystic smokeloader backdoor evasion persistence stealer trojan
- Detect Mystic stealer payload
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mysticsmokeloaderbackdoorevasionpersistencestealertrojan