mystic | 5d1598dff77d699f14f54fe3ae5883303f205af0de34c20b849ed97ebffb8b3f | Triage

Sharing

General

Target

c5b4be000540853873ff8618f1d63240N.exe
Size

721KB
Sample

240824-yse59awhmd
MD5

c5b4be000540853873ff8618f1d63240
SHA1

7984ed651ede48bd6047b5bc81eaf161ae9fcaf3
SHA256

5d1598dff77d699f14f54fe3ae5883303f205af0de34c20b849ed97ebffb8b3f
SHA512

6ed683e33794b34e41921979d1289c4c320d0bd5cbf0a05e4ee4fee7080a83b3792efe126adbbc3d3c31e8aa3bc9eb7986d18c3f74c7226f1d991ddfca715fd5
SSDEEP

12288:wMrqy90W4DK2LgNmBy0yALGAUMIjeuewM3niAKvXlN2Tf3ZBW15Lhs949kTU:KyNCOTHAbhRjniAKv2TPLsLhs94x

Score

10^/10

mystic smokeloader backdoor discovery evasion persistence stealer trojan

Malware Config

Targets

- Target
  
  c5b4be000540853873ff8618f1d63240N.exe
- Size
  
  721KB
- MD5
  
  c5b4be000540853873ff8618f1d63240
- SHA1
  
  7984ed651ede48bd6047b5bc81eaf161ae9fcaf3
- SHA256
  
  5d1598dff77d699f14f54fe3ae5883303f205af0de34c20b849ed97ebffb8b3f
- SHA512
  
  6ed683e33794b34e41921979d1289c4c320d0bd5cbf0a05e4ee4fee7080a83b3792efe126adbbc3d3c31e8aa3bc9eb7986d18c3f74c7226f1d991ddfca715fd5
- SSDEEP
  
  12288:wMrqy90W4DK2LgNmBy0yALGAUMIjeuewM3niAKvXlN2Tf3ZBW15Lhs949kTU:KyNCOTHAbhRjniAKv2TPLsLhs94x
Score

10^/10

mystic smokeloader backdoor discovery evasion persistence stealer trojan
- Detect Mystic stealer payload
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mysticsmokeloaderbackdoordiscoveryevasionpersistencestealertrojan