mystic | f2b7d6b6a30cad1c016103db43e31980ab39931ea0572735f1dc946ccaef1cf2 | Triage

Submit
Reports

Overview

overview

Static

static

3

468360f159...ce.exe

windows10-2004-x64

Sharing

General

Target

6eeb25454d4adbe90b313ffc933a9d29.bin
Size

498KB
Sample

231112-crcg3sdb43
MD5

41e89115e6032b4d34d7e5bb4885e9db
SHA1

a55d0c273836fd8414e0df4f9eac870e211a06fa
SHA256

f2b7d6b6a30cad1c016103db43e31980ab39931ea0572735f1dc946ccaef1cf2
SHA512

ba0c7cc2cfedd4d67c6f6f4d9ac4e53e141eb4cd4a99cd27206499280abdbc19d2040804db7a204917ec7cf439a400d112da80635db6067d046473cd9e9282d0
SSDEEP

12288:xHQ2Oh447XOY2ItvSTXXTI0oxwdhasI9hLDf6w4NgNA:rgrOYMTI0oxWhas0LDf6nNgNA

Score

10^/10

mystic redline taiga paypal infostealer persistence phishing stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

468360f1591dd8ec04bbc00ffd3c29786bd2c297f1b9860045f242cb250350ce.exe

Resource

win10v2004-20231023-en

mystic redline taiga paypal infostealer persistence phishing stealer

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

taiga

C2

5.42.92.51:19057

Targets

- Target
  
  468360f1591dd8ec04bbc00ffd3c29786bd2c297f1b9860045f242cb250350ce.exe
- Size
  
  542KB
- MD5
  
  6eeb25454d4adbe90b313ffc933a9d29
- SHA1
  
  b553856e2e92f6ee309b4251df68c9727a27f317
- SHA256
  
  468360f1591dd8ec04bbc00ffd3c29786bd2c297f1b9860045f242cb250350ce
- SHA512
  
  d9a6fe1cf597eeb7d2f792fb92a1676e43c9947dd6bc2ded8621e1bba0a7e01b4474dee5c4484d7851cafdaef66717e2ab8a4aee6430dc4e50c3fce650e5aeb3
- SSDEEP
  
  12288:GMrIy90DbIDAEoO25jtFRvlXimnoQjRW4Oli7W:iy0EsE/25/RvlSjQFW4OMa
Score

10^/10

mystic redline taiga paypal infostealer persistence phishing stealer
- Detect Mystic stealer payload
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Detected potential entity reuse from brand paypal.
  phishing paypal
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mysticredlinetaigapaypalinfostealerpersistencephishingstealer

© 2018-2025

Terms | Privacy