mystic | 8c3c135d8ce2c3b6d5664b9df034d00dbf4a1c1c9166d4977d18e28989755c35 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8c3c135d8ce2c3b6d5664b9df034d00dbf4a1c1c9166d4977d18e28989755c35
Size

2.5MB
Sample

231013-27gt6sef71
MD5

a869ab6fc666564685dfd3f45c2be005
SHA1

f7f2cd443ffb360b1b4b120e44f8e04fc2c51632
SHA256

8c3c135d8ce2c3b6d5664b9df034d00dbf4a1c1c9166d4977d18e28989755c35
SHA512

434d4e72c14ddd3d23da04bb14661a216d894d4f55fc8fdb5ce03bc7ab7971362acf3b94f8f804cd935b56b99db6ed76d6171cc1e15b67d75bb24f14f20a7870
SSDEEP

49152:ybtzA0pHxVmkv6a3vQth+CRc/RX7vNVolq+fX/SaD9:ybtzikCc95hkfP3D

Score

10^/10

mystic redline ramon infostealer persistence stealer

Malware Config

Extracted

Family

redline

Botnet

ramon

C2

77.91.124.82:19071

Attributes

auth_value
3197576965d9513f115338c233015b40

Targets

- Target
  
  8c3c135d8ce2c3b6d5664b9df034d00dbf4a1c1c9166d4977d18e28989755c35
- Size
  
  2.5MB
- MD5
  
  a869ab6fc666564685dfd3f45c2be005
- SHA1
  
  f7f2cd443ffb360b1b4b120e44f8e04fc2c51632
- SHA256
  
  8c3c135d8ce2c3b6d5664b9df034d00dbf4a1c1c9166d4977d18e28989755c35
- SHA512
  
  434d4e72c14ddd3d23da04bb14661a216d894d4f55fc8fdb5ce03bc7ab7971362acf3b94f8f804cd935b56b99db6ed76d6171cc1e15b67d75bb24f14f20a7870
- SSDEEP
  
  49152:ybtzA0pHxVmkv6a3vQth+CRc/RX7vNVolq+fX/SaD9:ybtzikCc95hkfP3D
Score

10^/10

mystic redline ramon infostealer persistence stealer
- Detect Mystic stealer payload
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

mysticredlineramoninfostealerpersistencestealer