mystic | 8d53e27ed42b874940dbff853021981b52c80411162839c9e6a33e2be7268c02 | Triage

Submit
Reports

Overview

overview

Static

static

3

7bf2f95c02...f0.exe

windows10-2004-x64

Sharing

General

Target

fc36af7f28a807d40b48cc4bc024e405.bin
Size

877KB
Sample

231112-eetxpscg7s
MD5

77709139825fd012d651c607d9f7e3d8
SHA1

990d3bcf41532b4446fecb65a13d87e21620ad50
SHA256

8d53e27ed42b874940dbff853021981b52c80411162839c9e6a33e2be7268c02
SHA512

13e1d6bd697b221645fb884477f5ef750984dc96703207d9cd3aa37b7eaee35f64e360960bb84ce3e6c5721250a9cfe050627e266a1e2a790fe85bf5d87f67f0
SSDEEP

12288:64nl/bozuMXy4OfmuYKau6xW8bBUwO9CHDhSVgvfQ+ELltY6IUY2n/yvoxdr8ZcE:dBozuq5Cau6A8CF9iY+4tY6IUx6Sdr+9

Score

10^/10

mystic redline taiga paypal infostealer persistence phishing stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

7bf2f95c02d6a67164588318e925ce09a8da25f5f5f71e50a3fcd84bf84c91f0.exe

Resource

win10v2004-20231020-en

mystic redline taiga paypal infostealer persistence phishing stealer

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

taiga

C2

5.42.92.51:19057

Targets

- Target
  
  7bf2f95c02d6a67164588318e925ce09a8da25f5f5f71e50a3fcd84bf84c91f0.exe
- Size
  
  921KB
- MD5
  
  fc36af7f28a807d40b48cc4bc024e405
- SHA1
  
  f99188c686bca68d4d092dbfc95a5990aaf59ccd
- SHA256
  
  7bf2f95c02d6a67164588318e925ce09a8da25f5f5f71e50a3fcd84bf84c91f0
- SHA512
  
  7d1a2ad317c02071e93d11db8e55ecc0094ace479f0ac07fa85f4063d44dcf755aec2458382c0592e9ed032c6a5180c9bfc6dd1042330c64e168c2d23f573fc7
- SSDEEP
  
  24576:3ykoCVATWgaeuIsyC/GjLYD7wID3S8wuKxYsc5W9fQlWq:Cko+5et1EGIwsi8wuty9fQl
Score

10^/10

mystic redline taiga paypal infostealer persistence phishing stealer
- Detect Mystic stealer payload
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
  persistence
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Detected potential entity reuse from brand paypal.
  phishing paypal
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mysticredlinetaigapaypalinfostealerpersistencephishingstealer

© 2018-2025

Terms | Privacy