mystic | 5d8bb381eb06ca3d8e25903bfdd00a1864557abf3b06eb3a04465b2c89f81b30 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5d8bb381eb06ca3d8e25903bfdd00a1864557abf3b06eb3a04465b2c89f81b30
Size

2.6MB
Sample

231014-bcqkqagg2w
MD5

9c049717dbcb7f45aef3f2c2f3861bac
SHA1

8a70cd67fc134ac3f984fec346e052d377bcf465
SHA256

5d8bb381eb06ca3d8e25903bfdd00a1864557abf3b06eb3a04465b2c89f81b30
SHA512

2ad5ef681ee3054c8ec5717b5228993383b885bb77f253bc11e701252d58cb8e4733cdb24d8264912a073634b4848f5c0f11d494b6d839df2597de41d2cd20c0
SSDEEP

49152:gFVL193R79LdBdq06a3v0fa8dMpOkANsl4aix:gFVdYVasMpOkc1

Score

10^/10

mystic redline ramon infostealer persistence stealer

Malware Config

Extracted

Family

redline

Botnet

ramon

C2

77.91.124.82:19071

Attributes

auth_value
3197576965d9513f115338c233015b40

Targets

- Target
  
  5d8bb381eb06ca3d8e25903bfdd00a1864557abf3b06eb3a04465b2c89f81b30
- Size
  
  2.6MB
- MD5
  
  9c049717dbcb7f45aef3f2c2f3861bac
- SHA1
  
  8a70cd67fc134ac3f984fec346e052d377bcf465
- SHA256
  
  5d8bb381eb06ca3d8e25903bfdd00a1864557abf3b06eb3a04465b2c89f81b30
- SHA512
  
  2ad5ef681ee3054c8ec5717b5228993383b885bb77f253bc11e701252d58cb8e4733cdb24d8264912a073634b4848f5c0f11d494b6d839df2597de41d2cd20c0
- SSDEEP
  
  49152:gFVL193R79LdBdq06a3v0fa8dMpOkANsl4aix:gFVdYVasMpOkc1
Score

10^/10

mystic redline ramon infostealer persistence stealer
- Detect Mystic stealer payload
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

mysticredlineramoninfostealerpersistencestealer