mystic | 62bde2f8a687afa63d1c370f0dcf2c89ee6fc454ebaa90e9398a4ad314b9c56b | Triage

Submit
Reports

Overview

overview

Static

static

3

4b2b83f77c...ac.exe

windows7-x64

4b2b83f77c...ac.exe

windows10-2004-x64

Sharing

General

Target

4b2b83f77c6d81f60d963a3d35562930e3631bc83c02f5b66faf0f12484b6eac
Size

865KB
Sample

231011-lwlqzshb84
MD5

ebfdcb72e16329ae04f8598aa7097843
SHA1

d98d3c8b838cd9b87e9b42528d2ec87fe16a2aee
SHA256

62bde2f8a687afa63d1c370f0dcf2c89ee6fc454ebaa90e9398a4ad314b9c56b
SHA512

a48738d8e28de4fbd560fd66a71ecb5bd86773e1b828bcf3fbb8793e9875301a06d59449c5380b0c6d0a24ac8245d232369606e9f29786bf2d41c42677a83d9b
SSDEEP

24576:6jFygKzxkgNgmo4ZDNNrpFoAyLBrWGum3DPaPAQ:6jgTzxkgNw4ZfoAycG7+V

Score

10^/10

mystic redline luate infostealer persistence stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

4b2b83f77c6d81f60d963a3d35562930e3631bc83c02f5b66faf0f12484b6eac.exe

Resource

win7-20230831-en

mystic persistence stealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

4b2b83f77c6d81f60d963a3d35562930e3631bc83c02f5b66faf0f12484b6eac.exe

Resource

win10v2004-20230915-en

mystic redline luate infostealer persistence stealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

luate

C2

77.91.124.55:19071

Attributes

auth_value
e45cd419aba6c9d372088ffe5629308b

Targets

- Target
  
  4b2b83f77c6d81f60d963a3d35562930e3631bc83c02f5b66faf0f12484b6eac
- Size
  
  908KB
- MD5
  
  939f12f6f0ef949958e6835b42998c67
- SHA1
  
  0f87bda2f9f0ecf6bd0dde9fefe7ed865a747388
- SHA256
  
  4b2b83f77c6d81f60d963a3d35562930e3631bc83c02f5b66faf0f12484b6eac
- SHA512
  
  1ab6f2979aa977fc871b076d78d35948cfec1e2e6c3fe4cab62ebdfe9bf4818a79308c912906135c58d5a85f5ad7969509b40353ba3f4f499c36ede301939591
- SSDEEP
  
  24576:syqXpmgNgmulSfDNjrpbWcyLHrEGuglXrarYf:bqXpmgNmlSffWcyAGn4k
Score

10^/10

mystic persistence stealer redline luate infostealer
- Detect Mystic stealer payload
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mysticpersistencestealer

behavioral2

mysticredlineluateinfostealerpersistencestealer

© 2018-2025

Terms | Privacy