mystic | 6ac8d7d7b4934222cbf4280a0b04503784a06f7e5f20c92528863fb52df0ad3d | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

dridex

windows10-2004-x64

Sharing

General

Target

6ac8d7d7b4934222cbf4280a0b04503784a06f7e5f20c92528863fb52df0ad3d
Size

1.3MB
Sample

231111-lh8ctscg9s
MD5

087be5f5eba01d95ec91b5b6fb6f78b3
SHA1

69bd4fe1813e8952527d27a141fe07b388fa9ea4
SHA256

6ac8d7d7b4934222cbf4280a0b04503784a06f7e5f20c92528863fb52df0ad3d
SHA512

c639f8d88a16b7be0a7dd09993be986d3743fe62d2841c0c0364c0ddb990e16da5a55bab64736556057722210f0bd7413df9304c17b09fcd34c0694df9438b97
SSDEEP

24576:iyshML4hFtIDg1aeQIsnCeGmVKDdwf2tsyyltpTpa+5NhJJjWhAIQnK5SpY:JshO4brAeXCDGvJVylt1pa+JJdnw5Sp

Score

10^/10

mystic redline taiga infostealer persistence spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

6ac8d7d7b4934222cbf4280a0b04503784a06f7e5f20c92528863fb52df0ad3d.exe

Resource

win10v2004-20231025-en

mystic redline taiga infostealer persistence spyware stealer

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

taiga

C2

5.42.92.51:19057

Targets

- Target
  
  6ac8d7d7b4934222cbf4280a0b04503784a06f7e5f20c92528863fb52df0ad3d
- Size
  
  1.3MB
- MD5
  
  087be5f5eba01d95ec91b5b6fb6f78b3
- SHA1
  
  69bd4fe1813e8952527d27a141fe07b388fa9ea4
- SHA256
  
  6ac8d7d7b4934222cbf4280a0b04503784a06f7e5f20c92528863fb52df0ad3d
- SHA512
  
  c639f8d88a16b7be0a7dd09993be986d3743fe62d2841c0c0364c0ddb990e16da5a55bab64736556057722210f0bd7413df9304c17b09fcd34c0694df9438b97
- SSDEEP
  
  24576:iyshML4hFtIDg1aeQIsnCeGmVKDdwf2tsyyltpTpa+5NhJJjWhAIQnK5SpY:JshO4brAeXCDGvJVylt1pa+JJdnw5Sp
Score

10^/10

mystic redline taiga infostealer persistence spyware stealer
- Detect Mystic stealer payload
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mysticredlinetaigainfostealerpersistencespywarestealer

© 2018-2025

Terms | Privacy