mystic | 1e5309add481a6658511e0165999534278c5e119856e1a111d631ca7d8d6f05b | Triage

Submit
Reports

Overview

overview

Static

static

3

1e5309add4...5b.exe

windows7-x64

1e5309add4...5b.exe

windows10-2004-x64

Sharing

General

Target

1e5309add481a6658511e0165999534278c5e119856e1a111d631ca7d8d6f05b
Size

924KB
Sample

231011-x91b3sha7y
MD5

5517f73ecd24fa9d53627b8ce7c4cecc
SHA1

13ed6802d17741dfc57478402b8c3196b8b7aedc
SHA256

1e5309add481a6658511e0165999534278c5e119856e1a111d631ca7d8d6f05b
SHA512

81115f58bd93fa545162c14cc6a8ed13928dfed5a1a54fc30818dadc105e58a1fe8de68d29dcfdc1bb29d523e03732010b3d9a717abd570210a5f0a7d230a5ed
SSDEEP

24576:AyGSlOJbe3w7XrzNM1Q+K1NaU4K9o2Pc65GoksrZonbf:HIJbwwrrzNS8t44Pc65Go6b

Score

10^/10

mystic redline kendo infostealer persistence stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1e5309add481a6658511e0165999534278c5e119856e1a111d631ca7d8d6f05b.exe

Resource

win7-20230831-en

mystic persistence stealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

1e5309add481a6658511e0165999534278c5e119856e1a111d631ca7d8d6f05b.exe

Resource

win10v2004-20230915-en

mystic redline kendo infostealer persistence stealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

kendo

C2

77.91.124.82:19071

Attributes

auth_value
5a22a881561d49941415902859b51f14

Targets

- Target
  
  1e5309add481a6658511e0165999534278c5e119856e1a111d631ca7d8d6f05b
- Size
  
  924KB
- MD5
  
  5517f73ecd24fa9d53627b8ce7c4cecc
- SHA1
  
  13ed6802d17741dfc57478402b8c3196b8b7aedc
- SHA256
  
  1e5309add481a6658511e0165999534278c5e119856e1a111d631ca7d8d6f05b
- SHA512
  
  81115f58bd93fa545162c14cc6a8ed13928dfed5a1a54fc30818dadc105e58a1fe8de68d29dcfdc1bb29d523e03732010b3d9a717abd570210a5f0a7d230a5ed
- SSDEEP
  
  24576:AyGSlOJbe3w7XrzNM1Q+K1NaU4K9o2Pc65GoksrZonbf:HIJbwwrrzNS8t44Pc65Go6b
Score

10^/10

mystic persistence stealer redline kendo infostealer
- Detect Mystic stealer payload
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mysticpersistencestealer

behavioral2

mysticredlinekendoinfostealerpersistencestealer

© 2018-2025

Terms | Privacy