How did my IP leak?

Many exit relays are hosted on cloud servers like EC2 & Azure (40 of each last I checked). https://torstatus.blutmagie.de/ showed 5 Tor relays being proxied through Mullvad. Coincidences by definition do happen 🙂

IIUC the IP did not appear on ExoneraTor? I don’t know if any situations exist where exit IPs might not be logged.

To implement the scenario in the OP, the host would have to be compromised. The attacker would have to change the Workstation VM network settings to use NAT instead of Internal Network ‘Whonix’ and then, from within the Workstation, the attacker would need to call ssh using /usr/bin/ssh.anondist-orig. For what purpose? To reveal your VPN IP?

I think the only definitive lesson (so far) to be learned here is this:

IIRC the client software is not open source, so it is hard to figure out what’s going on there (maybe missing write privileges?). Best option is to use Mullvad’s .conf files with OpenVPN. Patrick’s fail-closed vpn-firewall is easy to set up on a Linux host. (Also, as you probably know, UDP is fine for tunneling Tor through VPN; tunneling VPN through Tor requires TCP.)