mystic | d59a4122e765064a4e003f35486e52d4a9b467d49d4ea767ed6640f10a60c600 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d59a4122e765064a4e003f35486e52d4a9b467d49d4ea767ed6640f10a60c600
Size

2.5MB
Sample

231014-bhncjsha9y
MD5

0f53935c371db3145b7307465d61f1a1
SHA1

9edabfa755b281976da1addbea590e16463d307d
SHA256

d59a4122e765064a4e003f35486e52d4a9b467d49d4ea767ed6640f10a60c600
SHA512

c2bdcadc0dc98fa11ffc02fe48eb9d3f0fb1495f1c721142fc36718372f45faad44a09e64f7cd2d3840fd5819be7b3ea50fce5662f2a7b7a6e84835be2fe7a1e
SSDEEP

49152:4D6zhEmxGAFWF6a3vO6timnTLFReqsjj0xw:4DoFbOtis3F1sj

Score

10^/10

mystic redline ramon infostealer persistence stealer

Malware Config

Extracted

Family

redline

Botnet

ramon

C2

77.91.124.82:19071

Attributes

auth_value
3197576965d9513f115338c233015b40

Targets

- Target
  
  d59a4122e765064a4e003f35486e52d4a9b467d49d4ea767ed6640f10a60c600
- Size
  
  2.5MB
- MD5
  
  0f53935c371db3145b7307465d61f1a1
- SHA1
  
  9edabfa755b281976da1addbea590e16463d307d
- SHA256
  
  d59a4122e765064a4e003f35486e52d4a9b467d49d4ea767ed6640f10a60c600
- SHA512
  
  c2bdcadc0dc98fa11ffc02fe48eb9d3f0fb1495f1c721142fc36718372f45faad44a09e64f7cd2d3840fd5819be7b3ea50fce5662f2a7b7a6e84835be2fe7a1e
- SSDEEP
  
  49152:4D6zhEmxGAFWF6a3vO6timnTLFReqsjj0xw:4DoFbOtis3F1sj
Score

10^/10

mystic redline ramon infostealer persistence stealer
- Detect Mystic stealer payload
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mysticredlineramoninfostealerpersistencestealer

behavioral2

mysticredlineramoninfostealerpersistencestealer