mystic | 393b3211ac79a8b5a962aaf897465841706765df3126cfd5dd54c16aaa21fffe | Triage

Submit
Reports

Overview

overview

Static

static

3

ee361fa835...3f.exe

windows7-x64

ee361fa835...3f.exe

windows10-2004-x64

Sharing

General

Target

ee361fa8358b6c102fd1cfd20f3eb6b3e1b7145729071be643b34863dc78c03f
Size

864KB
Sample

231011-lxk6vahc97
MD5

9f535c22bb69e5e27b64fe405ef3627e
SHA1

a4a42fd2c102db7ec50191e33b48f2d5be4cb0e8
SHA256

393b3211ac79a8b5a962aaf897465841706765df3126cfd5dd54c16aaa21fffe
SHA512

f7f980f7b6035e1c99457c620485dba5918994d720cd3df616736b6bf912441f2622f442fa7b934daeed00166b677762c3b2b15fa008ceb077a2ab00bdb57879
SSDEEP

12288:7Fy90CCpH+xzDtOMByKMwA42pmqkzGFhZKD83ndWBwYQ/GWsA4SC3/gGMzA4vNkQ:hyJCOzDt1zRLzGv4DuHZ4SYMzAoN3KM

Score

10^/10

mystic redline luate infostealer persistence stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ee361fa8358b6c102fd1cfd20f3eb6b3e1b7145729071be643b34863dc78c03f.exe

Resource

win7-20230831-en

mystic persistence stealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

ee361fa8358b6c102fd1cfd20f3eb6b3e1b7145729071be643b34863dc78c03f.exe

Resource

win10v2004-20230915-en

mystic redline luate infostealer persistence stealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

luate

C2

77.91.124.55:19071

Attributes

auth_value
e45cd419aba6c9d372088ffe5629308b

Targets

- Target
  
  ee361fa8358b6c102fd1cfd20f3eb6b3e1b7145729071be643b34863dc78c03f
- Size
  
  908KB
- MD5
  
  46af40167006031e7f96b2adb0a94383
- SHA1
  
  b8b525365875535fe7c415046099999b8dd93d48
- SHA256
  
  ee361fa8358b6c102fd1cfd20f3eb6b3e1b7145729071be643b34863dc78c03f
- SHA512
  
  6d1694cc2e356da4e2a471e9895d9e9b9f537143260e430dbd34f3541ea99e745fceb83e5eb0c45d0ecc332d3b492f447423e3ab2978c8de3278578a005fa1af
- SSDEEP
  
  12288:IMrXy90HGxpX+PYtyKMww4249MBHhDGD83vtWdwYQ8hjsg4Sg3BgAMzS4vNeRxml:/yDxZ1zYBiDegjX4SYMzSoNdl
Score

10^/10

mystic persistence stealer redline luate infostealer
- Detect Mystic stealer payload
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mysticpersistencestealer

behavioral2

mysticredlineluateinfostealerpersistencestealer

© 2018-2025

Terms | Privacy