mystic | 4f5db85b9ff17720a0348db75d45954a63270c63b8259433ef5cbc2739d301ad | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.4f5db85b9ff17720a0348db75d45954a63270c63b8259433ef5cbc2739d301ad_JC.exe
Size

1.0MB
Sample

231007-v37fpseb3s
MD5

f5314aad37f96f2528898fa31897db80
SHA1

cd71af513d2a68bb5d42375fd52034e2ae40ae07
SHA256

4f5db85b9ff17720a0348db75d45954a63270c63b8259433ef5cbc2739d301ad
SHA512

289a0a901ea492383a68217c0891817e7143a3d9620e51ea2d25c7f3c5a226d77655008aac7de48502fe87e277053c6ba10674ee4c2c6d76ef014e3582ffd128
SSDEEP

24576:Hyu7JCRDLIpJuVDU9qno4vuHVKw5UaSW8Ek3nWQeQ6:SkJCRDL0J2o9qNvu1KwezzXWQN

Score

10^/10

mystic redline narik evasion infostealer persistence stealer trojan

Malware Config

Extracted

Family

redline

Botnet

narik

C2

77.91.124.82:19071

Attributes

auth_value
07924f5ef90576eb64faea857b8ba3e5

Targets

- Target
  
  NEAS.4f5db85b9ff17720a0348db75d45954a63270c63b8259433ef5cbc2739d301ad_JC.exe
- Size
  
  1.0MB
- MD5
  
  f5314aad37f96f2528898fa31897db80
- SHA1
  
  cd71af513d2a68bb5d42375fd52034e2ae40ae07
- SHA256
  
  4f5db85b9ff17720a0348db75d45954a63270c63b8259433ef5cbc2739d301ad
- SHA512
  
  289a0a901ea492383a68217c0891817e7143a3d9620e51ea2d25c7f3c5a226d77655008aac7de48502fe87e277053c6ba10674ee4c2c6d76ef014e3582ffd128
- SSDEEP
  
  24576:Hyu7JCRDLIpJuVDU9qno4vuHVKw5UaSW8Ek3nWQeQ6:SkJCRDL0J2o9qNvu1KwezzXWQN
Score

10^/10

mystic redline narik evasion infostealer persistence stealer trojan
- Detect Mystic stealer payload
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mysticredlinenarikevasioninfostealerpersistencestealertrojan

behavioral2

mysticredlinenarikevasioninfostealerpersistencestealertrojan