mystic | b0cd60e59830e0d9e86ce5c9a382c628fd2c2e68c7323e82b795afd0678b137f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b0cd60e59830e0d9e86ce5c9a382c628fd2c2e68c7323e82b795afd0678b137f
Size

1.0MB
Sample

231012-he5kzsee32
MD5

4974f00ab78a24cc927bebd02e889e1c
SHA1

aef336f55e3a99c2a9f06fad2ce86917a325a187
SHA256

b0cd60e59830e0d9e86ce5c9a382c628fd2c2e68c7323e82b795afd0678b137f
SHA512

79ec05228e97ab6b8cb7ef66c0c70ac2869f81d29128b6b6312d870006728841c27db98655f40252bf624a1ff65b54b6f4e5a9cfb674911af4c7e8f2703bffd7
SSDEEP

24576:uyt1Qe5Ee8zTEEWPpLv/hMZ6auCL0hXJkMN1u:9t1l58zVENpmpuCL0H

Score

10^/10

mystic redline tuxiu infostealer persistence stealer

Malware Config

Extracted

Family

mystic

C2

http://5.42.92.211/loghub/master

Extracted

Family

redline

Botnet

tuxiu

C2

77.91.124.82:19071

Attributes

auth_value
29610cdad07e7187eec70685a04b89fe

Targets

- Target
  
  b0cd60e59830e0d9e86ce5c9a382c628fd2c2e68c7323e82b795afd0678b137f
- Size
  
  1.0MB
- MD5
  
  4974f00ab78a24cc927bebd02e889e1c
- SHA1
  
  aef336f55e3a99c2a9f06fad2ce86917a325a187
- SHA256
  
  b0cd60e59830e0d9e86ce5c9a382c628fd2c2e68c7323e82b795afd0678b137f
- SHA512
  
  79ec05228e97ab6b8cb7ef66c0c70ac2869f81d29128b6b6312d870006728841c27db98655f40252bf624a1ff65b54b6f4e5a9cfb674911af4c7e8f2703bffd7
- SSDEEP
  
  24576:uyt1Qe5Ee8zTEEWPpLv/hMZ6auCL0hXJkMN1u:9t1l58zVENpmpuCL0H
Score

10^/10

mystic persistence stealer redline tuxiu infostealer
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mysticpersistencestealer

behavioral2

redlinetuxiuinfostealerpersistence