mystic | 4b2b83f77c6d81f60d963a3d35562930e3631bc83c02f5b66faf0f12484b6eac | Triage

Submit
Reports

Overview

overview

Static

static

3

4b2b83f77c...ac.exe

windows7-x64

4b2b83f77c...ac.exe

windows10-2004-x64

Sharing

General

Target

4b2b83f77c6d81f60d963a3d35562930e3631bc83c02f5b66faf0f12484b6eac
Size

908KB
Sample

231011-mqmlrsbc46
MD5

939f12f6f0ef949958e6835b42998c67
SHA1

0f87bda2f9f0ecf6bd0dde9fefe7ed865a747388
SHA256

4b2b83f77c6d81f60d963a3d35562930e3631bc83c02f5b66faf0f12484b6eac
SHA512

1ab6f2979aa977fc871b076d78d35948cfec1e2e6c3fe4cab62ebdfe9bf4818a79308c912906135c58d5a85f5ad7969509b40353ba3f4f499c36ede301939591
SSDEEP

24576:syqXpmgNgmulSfDNjrpbWcyLHrEGuglXrarYf:bqXpmgNmlSffWcyAGn4k

Score

10^/10

mystic redline luate infostealer persistence stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

4b2b83f77c6d81f60d963a3d35562930e3631bc83c02f5b66faf0f12484b6eac.exe

Resource

win7-20230831-en

mystic persistence stealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

4b2b83f77c6d81f60d963a3d35562930e3631bc83c02f5b66faf0f12484b6eac.exe

Resource

win10v2004-20230915-en

mystic redline luate infostealer persistence stealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

luate

C2

77.91.124.55:19071

Attributes

auth_value
e45cd419aba6c9d372088ffe5629308b

Targets

- Target
  
  4b2b83f77c6d81f60d963a3d35562930e3631bc83c02f5b66faf0f12484b6eac
- Size
  
  908KB
- MD5
  
  939f12f6f0ef949958e6835b42998c67
- SHA1
  
  0f87bda2f9f0ecf6bd0dde9fefe7ed865a747388
- SHA256
  
  4b2b83f77c6d81f60d963a3d35562930e3631bc83c02f5b66faf0f12484b6eac
- SHA512
  
  1ab6f2979aa977fc871b076d78d35948cfec1e2e6c3fe4cab62ebdfe9bf4818a79308c912906135c58d5a85f5ad7969509b40353ba3f4f499c36ede301939591
- SSDEEP
  
  24576:syqXpmgNgmulSfDNjrpbWcyLHrEGuglXrarYf:bqXpmgNmlSffWcyAGn4k
Score

10^/10

mystic persistence stealer redline luate infostealer
- Detect Mystic stealer payload
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mysticpersistencestealer

behavioral2

mysticredlineluateinfostealerpersistencestealer

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.