mystic | 40c28814bd43ce1243efd6f60bac4e00371491577d9ec580ca356a2a713b9c6e | Triage

Submit
Reports

Overview

overview

Static

static

3

8796c468bf...50.exe

windows10-2004-x64

Sharing

General

Target

7be1a51209c8b55b7d7f2500a6676e3d.bin
Size

874KB
Sample

231112-cwtxxsce3t
MD5

334afd8af3e7a8e58e280f689ce58512
SHA1

c7e1bd5570d4ebd7ddb53024d8b52e9272cc4122
SHA256

40c28814bd43ce1243efd6f60bac4e00371491577d9ec580ca356a2a713b9c6e
SHA512

ba541db9ddecb45d64d6d3eb2047beb836f631e25e3260319e90dd83c2d9008d4aebff019be432b2cd94b5e0af943989c209353400c67cae0b5aec5b9ac04e66
SSDEEP

12288:pDMJLUYZLClfkRo5N77qP62Sz1ZizCu6IvlA8D0rOuRkD43UK6eWrViMkLuVPr:pDM+Dfect7QSz1ZiR9lA6guq2NkCPr

Score

10^/10

mystic redline taiga infostealer persistence stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

8796c468bfdc78e3045bf30c2d6e8eec98503e0b2ee0fbb61dbe1c3dc4279f50.exe

Resource

win10v2004-20231023-en

mystic redline taiga infostealer persistence stealer

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

taiga

C2

5.42.92.51:19057

Targets

- Target
  
  8796c468bfdc78e3045bf30c2d6e8eec98503e0b2ee0fbb61dbe1c3dc4279f50.exe
- Size
  
  917KB
- MD5
  
  7be1a51209c8b55b7d7f2500a6676e3d
- SHA1
  
  88a66bc72994bf21631fd9fa5f8b8edf80b87434
- SHA256
  
  8796c468bfdc78e3045bf30c2d6e8eec98503e0b2ee0fbb61dbe1c3dc4279f50
- SHA512
  
  89a8fa13a58a446cac33a386ae77ab051bda4f8f302f3bae995f6bdf43521350d5ca8b712341056fee8530115cf486b0257e8e8ccc2ecf6b11dfc036b7245d52
- SSDEEP
  
  24576:Oy+KBVfYYFtaeuIsSC/GHLYDTk6ObFbL4WO:dpJYIoet1EGM06GFP4
Score

10^/10

mystic redline taiga infostealer persistence stealer
- Detect Mystic stealer payload
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
  persistence
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mysticredlinetaigainfostealerpersistencestealer

© 2018-2025

Terms | Privacy