mystic | 168773a80b7139041f523acc4f3f8893af24bfc2834124b92f3ba9d29f535600 | Triage

Submit
Reports

Overview

overview

Static

static

3

168773a80b...00.exe

windows7-x64

168773a80b...00.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

168773a80b7139041f523acc4f3f8893af24bfc2834124b92f3ba9d29f535600
Size

929KB
Sample

231011-t6kknscb54
MD5

8956e752d308694b1d1c076aa0f01382
SHA1

c574c2f08e08eabff5d2596cfc1f15361c9159a5
SHA256

168773a80b7139041f523acc4f3f8893af24bfc2834124b92f3ba9d29f535600
SHA512

1b79a0d3147db43c398efdb10abe651268108f3921b46c2eaaf0419221e8c6c6750760d69b460bd03ff9c4d8c2e74a83179128bb244a472e5f6d613e340d25d8
SSDEEP

12288:+Mr7y90OiXqgiZCQSU57qewBRPPTABw2LgqitgKkp3kGCe6j5aE4PRbWV71c2Up0:Jy/eqn4BU5YP8m2LgnuhKiPNWc/E

Score

10^/10

mystic redline kendo infostealer persistence stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

168773a80b7139041f523acc4f3f8893af24bfc2834124b92f3ba9d29f535600.exe

Resource

win7-20230831-en

mystic persistence stealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

168773a80b7139041f523acc4f3f8893af24bfc2834124b92f3ba9d29f535600.exe

Resource

win10v2004-20230915-en

mystic redline kendo infostealer persistence stealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

kendo

C2

77.91.124.82:19071

Attributes

auth_value
5a22a881561d49941415902859b51f14

Targets

- Target
  
  168773a80b7139041f523acc4f3f8893af24bfc2834124b92f3ba9d29f535600
- Size
  
  929KB
- MD5
  
  8956e752d308694b1d1c076aa0f01382
- SHA1
  
  c574c2f08e08eabff5d2596cfc1f15361c9159a5
- SHA256
  
  168773a80b7139041f523acc4f3f8893af24bfc2834124b92f3ba9d29f535600
- SHA512
  
  1b79a0d3147db43c398efdb10abe651268108f3921b46c2eaaf0419221e8c6c6750760d69b460bd03ff9c4d8c2e74a83179128bb244a472e5f6d613e340d25d8
- SSDEEP
  
  12288:+Mr7y90OiXqgiZCQSU57qewBRPPTABw2LgqitgKkp3kGCe6j5aE4PRbWV71c2Up0:Jy/eqn4BU5YP8m2LgnuhKiPNWc/E
Score

10^/10

mystic persistence stealer redline kendo infostealer
- Detect Mystic stealer payload
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mysticpersistencestealer

behavioral2

mysticredlinekendoinfostealerpersistencestealer

© 2018-2025

Terms | Privacy