mystic | e159c72a6826966c702d61f927223830129ae4f8dc68d7138bdcb3ec6666cf40 | Triage

Submit
Reports

Overview

overview

Static

static

3

dridex

windows10-1703-x64

Sharing

General

Target

e159c72a6826966c702d61f927223830129ae4f8dc68d7138bdcb3ec6666cf40
Size

1.3MB
Sample

231112-dlp2nadc62
MD5

036dfcd8e8bd292498019a906fa904e2
SHA1

c5522900794fdccb360fc9ebae92d35a4b7ebfe1
SHA256

e159c72a6826966c702d61f927223830129ae4f8dc68d7138bdcb3ec6666cf40
SHA512

94cb3dbbe1f22e6c79001bc9476d8d90cc189a4a3b99d5bfd012ebddfffdffdbca39c17f342acb9406dd5b83b394e87b8d4d7f8b9502d8302eb389d68ff9c547
SSDEEP

24576:Ty1oYHfmI8aeiIswC2G/m/Dx0jNlkzsu6JKEIUF+prZgG:m1o0PFe5LNGwEHsNg

Score

10^/10

mystic redline taiga google paypal infostealer persistence phishing spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

e159c72a6826966c702d61f927223830129ae4f8dc68d7138bdcb3ec6666cf40.exe

Resource

win10-20231020-en

mystic redline taiga google paypal infostealer persistence phishing spyware stealer

windows10-1703-x64

23 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

taiga

C2

5.42.92.51:19057

Targets

- Target
  
  e159c72a6826966c702d61f927223830129ae4f8dc68d7138bdcb3ec6666cf40
- Size
  
  1.3MB
- MD5
  
  036dfcd8e8bd292498019a906fa904e2
- SHA1
  
  c5522900794fdccb360fc9ebae92d35a4b7ebfe1
- SHA256
  
  e159c72a6826966c702d61f927223830129ae4f8dc68d7138bdcb3ec6666cf40
- SHA512
  
  94cb3dbbe1f22e6c79001bc9476d8d90cc189a4a3b99d5bfd012ebddfffdffdbca39c17f342acb9406dd5b83b394e87b8d4d7f8b9502d8302eb389d68ff9c547
- SSDEEP
  
  24576:Ty1oYHfmI8aeiIswC2G/m/Dx0jNlkzsu6JKEIUF+prZgG:m1o0PFe5LNGwEHsNg
Score

10^/10

mystic redline taiga google paypal infostealer persistence phishing spyware stealer
- Detect Mystic stealer payload
- Detected google phishing page
  phishing google
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Detected potential entity reuse from brand paypal.
  phishing paypal
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mysticredlinetaigagooglepaypalinfostealerpersistencephishingspywarestealer

© 2018-2025

Terms | Privacy