mystic | 12fc411362fbf7db2790399c07452564ed99e472ce5da3dbcce6d6ada8171282 | Triage

Sharing

General

Target

12fc411362fbf7db2790399c07452564ed99e472ce5da3dbcce6d6ada8171282
Size

742KB
Sample

231014-e1xwgsgc2s
MD5

65da09996daf86723200abab2fe4ed5d
SHA1

624a24c6cf82ad8fb48494959b4a7656fcd1862c
SHA256

12fc411362fbf7db2790399c07452564ed99e472ce5da3dbcce6d6ada8171282
SHA512

859f7a41ad6d4a055d3d09f72d2028ab4dc8185fe7149ed04c9f4d1f4fae40b0f6ab169020e157c6199b8337ae09427f332565ba3b424db4541808d0a26f7813
SSDEEP

12288:JJ//yfYb5BIQZVt8keGlm/KJiYRVSpaLl5UubFlLT49T95FYy/n1K4SiFdA8pN9:riuBtZXeGgCNRVSo7FlLmYcn1KedPV

Score

10^/10

mystic redline moner infostealer persistence stealer

Malware Config

Extracted

Family

redline

Botnet

moner

C2

77.91.124.82:19071

Attributes

auth_value
a94cd9e01643e1945b296c28a2f28707

Targets

- Target
  
  12fc411362fbf7db2790399c07452564ed99e472ce5da3dbcce6d6ada8171282
- Size
  
  742KB
- MD5
  
  65da09996daf86723200abab2fe4ed5d
- SHA1
  
  624a24c6cf82ad8fb48494959b4a7656fcd1862c
- SHA256
  
  12fc411362fbf7db2790399c07452564ed99e472ce5da3dbcce6d6ada8171282
- SHA512
  
  859f7a41ad6d4a055d3d09f72d2028ab4dc8185fe7149ed04c9f4d1f4fae40b0f6ab169020e157c6199b8337ae09427f332565ba3b424db4541808d0a26f7813
- SSDEEP
  
  12288:JJ//yfYb5BIQZVt8keGlm/KJiYRVSpaLl5UubFlLT49T95FYy/n1K4SiFdA8pN9:riuBtZXeGgCNRVSo7FlLmYcn1KedPV
Score

10^/10

mystic redline moner infostealer persistence stealer
- Detect Mystic stealer payload
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

mysticredlinemonerinfostealerpersistencestealer