mystic | 1a6318902483aa2924177a48f84811036b841e7b4ffb0e0eb626b1d206a37ee7 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1a6318902483aa2924177a48f84811036b841e7b4ffb0e0eb626b1d206a37ee7
Size

2.5MB
Sample

231014-a5gb3sgc5x
MD5

1f664d1699b3dcf5bb3accc6566833e4
SHA1

a8ee465ce7702482e2e63d3ba06306ea80f2be25
SHA256

1a6318902483aa2924177a48f84811036b841e7b4ffb0e0eb626b1d206a37ee7
SHA512

bb970ae19fb933706e18fc71ebe8ee2c1b29033e83558ba752c3e763be7aaca89bfdf981b4c881bbf2267809faa32b068a22422fb6371233b65176b33a8366a2
SSDEEP

49152:VLMtyQ3eJziMp6a3vr78NlQx2F+VTZXC:VLMtLMQC8h+V

Score

10^/10

mystic redline ramon infostealer persistence stealer

Malware Config

Extracted

Family

redline

Botnet

ramon

C2

77.91.124.82:19071

Attributes

auth_value
3197576965d9513f115338c233015b40

Targets

- Target
  
  1a6318902483aa2924177a48f84811036b841e7b4ffb0e0eb626b1d206a37ee7
- Size
  
  2.5MB
- MD5
  
  1f664d1699b3dcf5bb3accc6566833e4
- SHA1
  
  a8ee465ce7702482e2e63d3ba06306ea80f2be25
- SHA256
  
  1a6318902483aa2924177a48f84811036b841e7b4ffb0e0eb626b1d206a37ee7
- SHA512
  
  bb970ae19fb933706e18fc71ebe8ee2c1b29033e83558ba752c3e763be7aaca89bfdf981b4c881bbf2267809faa32b068a22422fb6371233b65176b33a8366a2
- SSDEEP
  
  49152:VLMtyQ3eJziMp6a3vr78NlQx2F+VTZXC:VLMtLMQC8h+V
Score

10^/10

mystic redline ramon infostealer persistence stealer
- Detect Mystic stealer payload
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mysticredlineramoninfostealerpersistencestealer

behavioral2

mysticredlineramoninfostealerpersistencestealer