mystic | a3437c8195ef3b06e7c6d411aac45170f8d49bb324f6c0783fd099249d6c9aa5 | Triage

Submit
Reports

Overview

overview

Static

static

3

8411a83cb9...ce.exe

windows7-x64

8411a83cb9...ce.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

8411a83cb9f04226bbcec51e67b20f5deeed4db8739f89403f057ca7a78d33ce
Size

891KB
Sample

231011-yjczjabc26
MD5

16cc96317223d3b68d55ec4a44f348f0
SHA1

235cec3e0a53c0bb5234a0c47d3063ea03fc8605
SHA256

a3437c8195ef3b06e7c6d411aac45170f8d49bb324f6c0783fd099249d6c9aa5
SHA512

e6066a124ee1f58c659eaa890a96b415ba16bd512edcaec0819cf4a4d8b9f6821d441d10326e719d866b59f24f1d947c0735d27be7d3a0321c19783bc6d270b9
SSDEEP

24576:L3hyuChyT1hhFPjN+GNivH/5H97khGWB5rFAvm6PAy:L3UuCYT1hrNNidBtSy

Score

10^/10

mystic redline kendo infostealer persistence stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

8411a83cb9f04226bbcec51e67b20f5deeed4db8739f89403f057ca7a78d33ce.exe

Resource

win7-20230831-en

mystic persistence stealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

8411a83cb9f04226bbcec51e67b20f5deeed4db8739f89403f057ca7a78d33ce.exe

Resource

win10v2004-20230915-en

mystic redline kendo infostealer persistence stealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

kendo

C2

77.91.124.82:19071

Attributes

auth_value
5a22a881561d49941415902859b51f14

Targets

- Target
  
  8411a83cb9f04226bbcec51e67b20f5deeed4db8739f89403f057ca7a78d33ce
- Size
  
  935KB
- MD5
  
  03ea9bef7721cea95b74044b59cef220
- SHA1
  
  cb95296b1c002f95a4c9d5fc144068caaa3b5dd1
- SHA256
  
  8411a83cb9f04226bbcec51e67b20f5deeed4db8739f89403f057ca7a78d33ce
- SHA512
  
  13c21f0f02bded88f02e35e9cd05c2cbad4ec224a6a5ebadedc05ab62c08bb74b3f11f9c02f82ea2a5286c87a9694d6dae565198390aa40f659c6873dd46fb2b
- SSDEEP
  
  24576:ty5pFjVh9PjdkwNivNj5HvbQhyW75rFgFE6XA8r:IzFjVXdfi/tl6
Score

10^/10

mystic persistence stealer redline kendo infostealer
- Detect Mystic stealer payload
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mysticpersistencestealer

behavioral2

mysticredlinekendoinfostealerpersistencestealer

© 2018-2025

Terms | Privacy