mystic | cfbfae0ae6a5a30e7b51bb48d3ae0f55f90a90e171d8907941919a250d6e1e8f | Triage

Sharing

General

Target

cfbfae0ae6a5a30e7b51bb48d3ae0f55f90a90e171d8907941919a250d6e1e8f
Size

678KB
Sample

240417-qslc9shf35
MD5

199eeb4c0aa69fd618797f22c5e31b3d
SHA1

3ea9ef399a6b9feee71c4118a50a26773ea86412
SHA256

cfbfae0ae6a5a30e7b51bb48d3ae0f55f90a90e171d8907941919a250d6e1e8f
SHA512

e4cc7481b30dd670de6240626c241ff5369589bd2a61f2e1737053a6303b77de2a84b28e3fb37913aa7f81c24448f48761b853f65bc273e61f625349b5c026e4
SSDEEP

12288:xKbxkj9RMmKtkhhdr4Uhc6h6R1WS6j9wB4dtlNb0tnfJkaYLU:xWOj9RMmOihiUhc8sezt/wtCZLU

Score

10^/10

mystic smokeloader backdoor evasion persistence stealer trojan

Malware Config

Targets

- Target
  
  088a62b3ab8a6cb9e8c78e220d8aec5b8ed463d91a3309299e17a2e90af11aea.exe
- Size
  
  721KB
- MD5
  
  1682ace070b7498115d27c779d4d41e5
- SHA1
  
  1a2c3384b780cda0688ff7ffc4a53d3de35fde12
- SHA256
  
  088a62b3ab8a6cb9e8c78e220d8aec5b8ed463d91a3309299e17a2e90af11aea
- SHA512
  
  0d593cd2dbe498fc270273c8f78f9b9f8e836245b564454d3cdc45747643a04d06055a7b4cf90d81dc76d5f533c6f2be14f355e9d8a2212b6e6edffb32ad7213
- SSDEEP
  
  12288:jMrwy90ZmDRb95JLu/m3kDmURMr20yALGFUM3jeueRDY0mUTR4dptCBXIc6b:ryb5SmUDmU02HAqh6FdqpkBp6b
Score

10^/10

mystic smokeloader backdoor evasion persistence stealer trojan
- Detect Mystic stealer payload
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mysticsmokeloaderbackdoorevasionpersistencestealertrojan