mystic | 94badceb6b6f1039c27cf2eb6f8e12015d66c1a9b77c420739cfa1d53fd3aeef | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

ba437a1e6e...d6.exe

windows7-x64

ba437a1e6e...d6.exe

windows10-2004-x64

Sharing

General

Target

ba437a1e6e075cfd2f196bd8501c349ccc23b0400514b84b97bc3f786e0f57d6
Size

864KB
Sample

231011-lbn1lsdf2v
MD5

bd142b855776ba9ee626b8d7c9251cee
SHA1

406bd9e6e756b65fcfd793b9fe4fbbcaadf9a7f1
SHA256

94badceb6b6f1039c27cf2eb6f8e12015d66c1a9b77c420739cfa1d53fd3aeef
SHA512

af4c569b293bbc2836126ac48dce4519f04c4203c73062bd702ffc437b5267b100fef8d8956eca58e2ed9b2fedf75d5b07cc76f6bf3766faca52033ae5396784
SSDEEP

12288:XCVjlaQVxy90QQyv7NSmD8JCn3rCN2mkG7s0amyfpK4HAUMwFCI3DWhNflsFIecU:Xs5aWynTg6T3nk6moQHkCI3D3q2R6A+u

Score

10^/10

mystic redline luate infostealer persistence stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ba437a1e6e075cfd2f196bd8501c349ccc23b0400514b84b97bc3f786e0f57d6.exe

Resource

win7-20230831-en

mystic persistence stealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

ba437a1e6e075cfd2f196bd8501c349ccc23b0400514b84b97bc3f786e0f57d6.exe

Resource

win10v2004-20230915-en

mystic redline luate infostealer persistence stealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

luate

C2

77.91.124.55:19071

Attributes

auth_value
e45cd419aba6c9d372088ffe5629308b

Targets

- Target
  
  ba437a1e6e075cfd2f196bd8501c349ccc23b0400514b84b97bc3f786e0f57d6
- Size
  
  907KB
- MD5
  
  1609538cc65c63edce6b5c220371e2b4
- SHA1
  
  adb56a58e570cf51e48dafb38d11cb2803cd59fb
- SHA256
  
  ba437a1e6e075cfd2f196bd8501c349ccc23b0400514b84b97bc3f786e0f57d6
- SHA512
  
  db7c54537311dc60d35331eaa692d26a24fd4ee770f1e5668d74d8e1ef90fa9c9440e5f85319af1194731ad3feff04a9f2564cc93578750c7e7f9bb387efd063
- SSDEEP
  
  12288:lMr/y90+mD8zCT3r69wXHu3/Dke760amsfpc4HAGMwFCI3nWLNDlQFIGcUdxWeoK:Kyf6n3pu3/HcmGuhkCI3nTqOR6I
Score

10^/10

mystic persistence stealer redline luate infostealer
- Detect Mystic stealer payload
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mysticpersistencestealer

behavioral2

mysticredlineluateinfostealerpersistencestealer

© 2018-2025

Terms | Privacy