mystic | 530aed638730850704dfbfb8a261aef1ebbb6fb5117fc4c7a923c7b8ebe7e468 | Triage

Submit
Reports

Overview

overview

Static

static

3

e073d13582...fd.exe

windows10-2004-x64

Sharing

General

Target

ffde7377c5bb70e8cd95e49ed0f3a1ff.bin
Size

874KB
Sample

231112-ejb8fscg8s
MD5

f995007866947b56d7594f5003b87ae7
SHA1

d7a498535b02c744897a7216ba2423eca405097a
SHA256

530aed638730850704dfbfb8a261aef1ebbb6fb5117fc4c7a923c7b8ebe7e468
SHA512

755b04ffeb7e7cfcf2aacb62ecf11fa8973922c440d34bd6745f929f6d7df212272c46367d0f4f1621d9c26e4c88d32ee5d94b65a616dd96b75bbf0fee587e6a
SSDEEP

24576:ppsj9+69tv39Ef2FIjcFW6KfrAXsgC/3kmPAb9ZiI283UxbbPiri:7ssItfZMc6DBgC/0mPAbVd3Ucri

Score

10^/10

mystic redline taiga paypal infostealer persistence phishing stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

e073d13582d3087a8c983ff36b39ceb0e9ed136bbef1177a54c227fa242ef0fd.exe

Resource

win10v2004-20231023-en

mystic redline taiga paypal infostealer persistence phishing stealer

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

taiga

C2

5.42.92.51:19057

Targets

- Target
  
  e073d13582d3087a8c983ff36b39ceb0e9ed136bbef1177a54c227fa242ef0fd.exe
- Size
  
  917KB
- MD5
  
  ffde7377c5bb70e8cd95e49ed0f3a1ff
- SHA1
  
  7082039bc2193c9fdd860efcbc81b4d68735318e
- SHA256
  
  e073d13582d3087a8c983ff36b39ceb0e9ed136bbef1177a54c227fa242ef0fd
- SHA512
  
  ddf08217a277b0d75b24a0229f5066b64ec28fdbe849365626d1de09ab2ab9fa11610ddee4ab204521ae173474853639411f2146abf007639e4f16a001dc6a0d
- SSDEEP
  
  24576:3yySPF+aeuIsKC/G5LYDTLuQaiyTj3Pz:CyyHetzEGSm3
Score

10^/10

mystic redline taiga paypal infostealer persistence phishing stealer
- Detect Mystic stealer payload
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
  persistence
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Detected potential entity reuse from brand paypal.
  phishing paypal
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mysticredlinetaigapaypalinfostealerpersistencephishingstealer

© 2018-2025

Terms | Privacy