mystic | dfd71c58b1789644bd8ac539dde1fec82c878ae31506dcba82f42f9e9d6795c2 | Triage

Submit
Reports

Overview

overview

Static

static

3

9b3952230a...74.exe

windows10-2004-x64

Sharing

General

Target

e7435f6008850204e11809aa44a42237.bin
Size

874KB
Sample

231112-eaa9sscg3z
MD5

27daf1fb38701df89a2e78e8754c10e2
SHA1

ca2b25c4a4b8b1eecf95d094831e71932e807837
SHA256

dfd71c58b1789644bd8ac539dde1fec82c878ae31506dcba82f42f9e9d6795c2
SHA512

fb7c38656c1b35726c59116faff57bc2ee3a8cf85b141f5661968ac3426af02634745bf5a2a68295b381e083e5aa6e4e4cd3bf44e3617cef465b81e3b9e44ceb
SSDEEP

24576:UVewLEDYo1DUVZE931HK9xWR5659q2WTJxgZiNrZvEZCkCot:4YY6DU7yexE6Hq2W1xbrZcU9G

Score

10^/10

mystic redline taiga paypal infostealer persistence phishing stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

9b3952230a10885ddf0d4815d7a4c5af0ad295bff36054bfc064dc0b224ddb74.exe

Resource

win10v2004-20231020-en

mystic redline taiga paypal infostealer persistence phishing stealer

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

taiga

C2

5.42.92.51:19057

Targets

- Target
  
  9b3952230a10885ddf0d4815d7a4c5af0ad295bff36054bfc064dc0b224ddb74.exe
- Size
  
  917KB
- MD5
  
  e7435f6008850204e11809aa44a42237
- SHA1
  
  6068ae95fc2b3152f58b00532ddef79369f99d76
- SHA256
  
  9b3952230a10885ddf0d4815d7a4c5af0ad295bff36054bfc064dc0b224ddb74
- SHA512
  
  585cceb7091a67b6e2a9da28aefbca57fa16a8afd1b8f80b72df52f43dcbdae69201de69c2411a4504d9b52dda1d9858de8d49ea650a296cf38c4c08ec4171b6
- SSDEEP
  
  24576:Uy/mjCNlpYlKaeuIsiC/GnLYD/uf3Y4IYC/ncU1yDypZl:j/MCbOjetLEGs8lC/nrZpZ
Score

10^/10

mystic redline taiga paypal infostealer persistence phishing stealer
- Detect Mystic stealer payload
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
  persistence
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Detected potential entity reuse from brand paypal.
  phishing paypal
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mysticredlinetaigapaypalinfostealerpersistencephishingstealer

© 2018-2025

Terms | Privacy