mystic | 14835ca4a8e4f7134aeed2f1fbe48bdb90ef71d022b65a1d7447fd49d493112b | Triage

Submit
Reports

Overview

overview

Static

static

3

7337b7025a...3e.exe

windows7-x64

7337b7025a...3e.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

7337b7025ab4e60b33704ba6b639e6384402a8f03f8d9dbc7f89b20f4ad8d63e
Size

886KB
Sample

231011-rltazacf51
MD5

a6bb8db47102c77c8bc6b29fd2a47de3
SHA1

aa9fd2825ba8d2377c0e98869df31e9ec8ffedd6
SHA256

14835ca4a8e4f7134aeed2f1fbe48bdb90ef71d022b65a1d7447fd49d493112b
SHA512

9c0e41d4ca3e3989e2011340b2eb1daa5d9c7f08abe0f9524b468626eea671bc780a56dc070c3e482b9c7fe937f8873d0575679406f7fb6345949a35e627e989
SSDEEP

24576:YyDBgJXHXNqC79fK6ea1kJF/KoifEmhSUQycMjNy7khciDNYObiBr9bk:fDQXAC79fKpnKTEU5jd7t

Score

10^/10

mystic redline kendo infostealer persistence stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

7337b7025ab4e60b33704ba6b639e6384402a8f03f8d9dbc7f89b20f4ad8d63e.exe

Resource

win7-20230831-en

mystic persistence stealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

7337b7025ab4e60b33704ba6b639e6384402a8f03f8d9dbc7f89b20f4ad8d63e.exe

Resource

win10v2004-20230915-en

mystic redline kendo infostealer persistence stealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

kendo

C2

77.91.124.82:19071

Attributes

auth_value
5a22a881561d49941415902859b51f14

Targets

- Target
  
  7337b7025ab4e60b33704ba6b639e6384402a8f03f8d9dbc7f89b20f4ad8d63e
- Size
  
  929KB
- MD5
  
  8b2f4a124b762e73f27bc6cf7fbb7370
- SHA1
  
  5d2026075e650799b51f83c80f465b18c9ef182c
- SHA256
  
  7337b7025ab4e60b33704ba6b639e6384402a8f03f8d9dbc7f89b20f4ad8d63e
- SHA512
  
  0a1102627a52d70042351ba9c05e8231e15b4d019e219c9f4341935add09aebd3d62071f529a2aa447b4cc467db3a76bdfad25097d335d65067e08b6d5c02e8b
- SSDEEP
  
  24576:vyF1XTXNeC59fc6Ia1yJF/WWizEmhS6QOcMfdy7IhciZNYObWx/9:6jDYC59fcbDWlo6rfd7
Score

10^/10

mystic persistence stealer redline kendo infostealer
- Detect Mystic stealer payload
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mysticpersistencestealer

behavioral2

mysticredlinekendoinfostealerpersistencestealer

© 2018-2025

Terms | Privacy