mystic | 44c23389fc163805c0a3d274f840d7168a3b04ef228740cc0f3fbb084db72af3 | Triage

Submit
Reports

Overview

overview

Static

static

3

8051c41674...cc.exe

windows10-2004-x64

Sharing

General

Target

9d4790e6ac2f2694bf319a95b04a99ab.bin
Size

874KB
Sample

231112-c8qe9sdb92
MD5

deb9ecf7925c40b7868b46dcef5846d2
SHA1

47bef9052f4ced048cfcef0220e528ab64fba384
SHA256

44c23389fc163805c0a3d274f840d7168a3b04ef228740cc0f3fbb084db72af3
SHA512

1aed110cc3f2512ceeff0911c7a9d2a50d36647d07076100ed5aee9e36f5367e03ca40f304d9b626181dfcde9bc7bc296bcaca8bda9581963ec0250e7cfca61e
SSDEEP

24576:sbwhRpkL6K1gFZpz5WiZimR170GAOV307oAs1nZ+XvySTf:sMy6KEK4wnm30TEnZIySTf

Score

10^/10

mystic redline taiga paypal infostealer persistence phishing stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

8051c416748df9a755f444b438641086e67f484bd1e5f61f8b441a938f8bb8cc.exe

Resource

win10v2004-20231020-en

mystic redline taiga paypal infostealer persistence phishing stealer

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

taiga

C2

5.42.92.51:19057

Targets

- Target
  
  8051c416748df9a755f444b438641086e67f484bd1e5f61f8b441a938f8bb8cc.exe
- Size
  
  918KB
- MD5
  
  9d4790e6ac2f2694bf319a95b04a99ab
- SHA1
  
  2fd546f458635bbbda5936f9813ee78c67d05ec0
- SHA256
  
  8051c416748df9a755f444b438641086e67f484bd1e5f61f8b441a938f8bb8cc
- SHA512
  
  33c6f653694dcc74cd8f05459cda7dbf2a9ad145157990b9006acf4ee572a6dfd64c71180053c874f44d4ef342ad1ca81648d2c832e7b673ac55a72b250070d8
- SSDEEP
  
  12288:nMr8y90OBDSSvFip42aex4IC5ipCPHGBLPLvTMXiYQTDoPASBqGt0o8dfW2tPdD3:XyfBvCaeuIseC/GZLYDrJV8xWqdX3D
Score

10^/10

mystic redline taiga paypal infostealer persistence phishing stealer
- Detect Mystic stealer payload
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
  persistence
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Detected potential entity reuse from brand paypal.
  phishing paypal
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mysticredlinetaigapaypalinfostealerpersistencephishingstealer

© 2018-2025

Terms | Privacy