mystic | 9450130d4fecd34474dac9ea8a9d9d2284432a9141b7952a35091d218e85799f | Triage

Submit
Reports

Overview

overview

Static

static

3

d4313baf60...e2.exe

windows10-2004-x64

Sharing

General

Target

fa9bbec8337f2a15c9aa1599300370ad.bin
Size

873KB
Sample

231112-eej3hadd85
MD5

a52706cad31e322e8be5e541575cd4c5
SHA1

6d49cdab2450858de1b5fc515b02f31d5c4501b4
SHA256

9450130d4fecd34474dac9ea8a9d9d2284432a9141b7952a35091d218e85799f
SHA512

5f672ccd9bf7c2779be9513515ce75f74070c921560ce8f3873a32630713fbebba1c0b45263f7f92b3c921644a6137da23ed2604b8f5d4ea0e50d8b1cff9a283
SSDEEP

12288:9W02inrvN/mqMTW1pFhoPbSpPNJ/4PTpRgK7WIYfGGHfTj2VWg8w+q6FQPBI9Csa:9JT1+CFGPTnlvYfGtrz+qicB

Score

10^/10

mystic redline taiga paypal infostealer persistence phishing stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d4313baf6018d4f453524a8406ee31022f451cf1c05b6c7ad0dce7a5954217e2.exe

Resource

win10v2004-20231025-en

mystic redline taiga paypal infostealer persistence phishing stealer

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

taiga

C2

5.42.92.51:19057

Targets

- Target
  
  d4313baf6018d4f453524a8406ee31022f451cf1c05b6c7ad0dce7a5954217e2.exe
- Size
  
  917KB
- MD5
  
  fa9bbec8337f2a15c9aa1599300370ad
- SHA1
  
  aeb714ec3d0c6ffe8ceba5686b0346d86e17893b
- SHA256
  
  d4313baf6018d4f453524a8406ee31022f451cf1c05b6c7ad0dce7a5954217e2
- SHA512
  
  b070e16f5917ac76ea4ff6e6f4fc900cb68095f4ba13b0cfbacc1e92eef850f6fa0cf77aded69c8f658c08e2e0b2cbf2fd93e2ce3e2ce43e3c2536ddceef9bf7
- SSDEEP
  
  24576:lyRp4a5waeuIsyC/GXLYDXt0/sYSuvLm8pYs:ARpNJet9EG8K0YVqF
Score

10^/10

mystic redline taiga paypal infostealer persistence phishing stealer
- Detect Mystic stealer payload
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
  persistence
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Detected potential entity reuse from brand paypal.
  phishing paypal
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mysticredlinetaigapaypalinfostealerpersistencephishingstealer

© 2018-2025

Terms | Privacy