mystic | 3e85c5b90f8d7b3f2ae367c6b611bea63e6fdb9fae03bda7125cea8f77ae9d0b | Triage

Submit
Reports

Overview

overview

Static

static

3

dridex

windows10-1703-x64

Sharing

General

Target

3e85c5b90f8d7b3f2ae367c6b611bea63e6fdb9fae03bda7125cea8f77ae9d0b
Size

1.3MB
Sample

231112-drlanacf6w
MD5

2ee5707b1656fefd192239d464d6aacd
SHA1

9849c14b8829c3e7ffc738199fc47babaffe57f8
SHA256

3e85c5b90f8d7b3f2ae367c6b611bea63e6fdb9fae03bda7125cea8f77ae9d0b
SHA512

5836029135076e5ad11281277b7f3326353b355d8595122f3bfadf1c50650cd44a81b967fdb78910aaeb52269a521aad03f1f3bc4bc6cde85f3f825ef894ae0d
SSDEEP

24576:gyNi2GuJ7FcbMiaeeIshCuG2vTDGGjoFwIfjox29rZSYpM0zI5JEZI8IY:nNF7jredOZGElGok9kWbzl

Score

10^/10

mystic redline taiga google paypal infostealer persistence phishing spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

3e85c5b90f8d7b3f2ae367c6b611bea63e6fdb9fae03bda7125cea8f77ae9d0b.exe

Resource

win10-20231023-en

mystic redline taiga google paypal infostealer persistence phishing spyware stealer

windows10-1703-x64

23 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

taiga

C2

5.42.92.51:19057

Targets

- Target
  
  3e85c5b90f8d7b3f2ae367c6b611bea63e6fdb9fae03bda7125cea8f77ae9d0b
- Size
  
  1.3MB
- MD5
  
  2ee5707b1656fefd192239d464d6aacd
- SHA1
  
  9849c14b8829c3e7ffc738199fc47babaffe57f8
- SHA256
  
  3e85c5b90f8d7b3f2ae367c6b611bea63e6fdb9fae03bda7125cea8f77ae9d0b
- SHA512
  
  5836029135076e5ad11281277b7f3326353b355d8595122f3bfadf1c50650cd44a81b967fdb78910aaeb52269a521aad03f1f3bc4bc6cde85f3f825ef894ae0d
- SSDEEP
  
  24576:gyNi2GuJ7FcbMiaeeIshCuG2vTDGGjoFwIfjox29rZSYpM0zI5JEZI8IY:nNF7jredOZGElGok9kWbzl
Score

10^/10

mystic redline taiga google paypal infostealer persistence phishing spyware stealer
- Detect Mystic stealer payload
- Detected google phishing page
  phishing google
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Detected potential entity reuse from brand paypal.
  phishing paypal
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mysticredlinetaigagooglepaypalinfostealerpersistencephishingspywarestealer

© 2018-2025

Terms | Privacy