mystic | 28d45ae2c91a30136b0599de6252f4e3f0342647a354e40a93a1e259e2fb03c5 | Triage

Submit
Reports

Overview

overview

Static

static

3

dridex

windows10-2004-x64

Sharing

General

Target

28d45ae2c91a30136b0599de6252f4e3f0342647a354e40a93a1e259e2fb03c5
Size

1.4MB
Sample

231111-1my3aacd86
MD5

82dc9d995a6a68ef65beb3a0e06eb922
SHA1

984bab27c7244369bf67ae3b7af0d66165b6dcb8
SHA256

28d45ae2c91a30136b0599de6252f4e3f0342647a354e40a93a1e259e2fb03c5
SHA512

ec6d6ef74835eff0397917e42e3b30bfbd0951b43ddc6757c20009030130a10109f816427d5709dc17bd3e1781331f224191a9bb97f883493aac31b955552fc7
SSDEEP

24576:ByHVDHG3aHjkHqrlJ1WB/7esIskQVG/nbDZZ1ntFW7OQFqHLaDZkvDD1pduYmIy:0saDnrlJ1WVebN0GzNrnzW7OQqaDOvDD

Score

10^/10

mystic redline smokeloader stealc zgrat taiga up3 backdoor evasion infostealer persistence rat stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

28d45ae2c91a30136b0599de6252f4e3f0342647a354e40a93a1e259e2fb03c5.exe

Resource

win10v2004-20231020-en

mystic redline smokeloader stealc zgrat taiga up3 backdoor evasion infostealer persistence rat stealer trojan

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Extracted

Family

smokeloader

Version

2022

C2

http://5.42.92.190/fks/index.php

rc4.i32

rc4.i32

Extracted

Family

redline

Botnet

taiga

C2

5.42.92.51:19057

Extracted

Family

stealc

C2

http://77.91.68.247

Attributes

url_path
/c36258786fdc16da.php

rc4.plain

Extracted

Family

smokeloader

Botnet

up3

Targets

- Target
  
  28d45ae2c91a30136b0599de6252f4e3f0342647a354e40a93a1e259e2fb03c5
- Size
  
  1.4MB
- MD5
  
  82dc9d995a6a68ef65beb3a0e06eb922
- SHA1
  
  984bab27c7244369bf67ae3b7af0d66165b6dcb8
- SHA256
  
  28d45ae2c91a30136b0599de6252f4e3f0342647a354e40a93a1e259e2fb03c5
- SHA512
  
  ec6d6ef74835eff0397917e42e3b30bfbd0951b43ddc6757c20009030130a10109f816427d5709dc17bd3e1781331f224191a9bb97f883493aac31b955552fc7
- SSDEEP
  
  24576:ByHVDHG3aHjkHqrlJ1WB/7esIskQVG/nbDZZ1ntFW7OQFqHLaDZkvDD1pduYmIy:0saDnrlJ1WVebN0GzNrnzW7OQqaDOvDD
Score

10^/10

mystic redline smokeloader stealc zgrat taiga up3 backdoor evasion infostealer persistence rat stealer trojan
- Detect Mystic stealer payload
- Detect ZGRat V1
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Downloads MZ/PE file
- Modifies Windows Firewall
  evasion
- Stops running service(s)
  evasion
- Executes dropped EXE
- Adds Run key to start application
  persistence
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Scheduled Task/Job

Defense Evasion

Impair Defenses

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

mysticredlinesmokeloaderstealczgrattaigaup3backdoorevasioninfostealerpersistenceratstealertrojan

© 2018-2025

Terms | Privacy