mystic | 4ebbc23e91d12a42812a440a32672aaf767490e563ce8778c653b14be2217d38 | Triage

Submit
Reports

Overview

overview

Static

static

3

dridex

windows10-1703-x64

Sharing

General

Target

4ebbc23e91d12a42812a440a32672aaf767490e563ce8778c653b14be2217d38
Size

371KB
Sample

231112-qh2bqsgb3w
MD5

8758eef3357122a97cf2a46098dbdcc2
SHA1

ccacfcbb471ca1cbd7d9c844667e7f7bd8d947f6
SHA256

4ebbc23e91d12a42812a440a32672aaf767490e563ce8778c653b14be2217d38
SHA512

a3b556a47b375cc248d35ebb70832d109f9aa48e293f6c5384935c6a9b00706b11dcb1f90367338fa27ca66de6378276bcb316cb7af07ee5bd6ad66abca60a6a
SSDEEP

6144:Kdy+bnr+Ip0yN90QEe/J3XgLExU5kHiNKyLkq9QmsAFZYgmTS3RIDPaTulJdwC3B:bMroy90IBBUGiNKyLn1sAFagaSVuPL

Score

10^/10

mystic redline taiga infostealer persistence stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

4ebbc23e91d12a42812a440a32672aaf767490e563ce8778c653b14be2217d38.exe

Resource

win10-20231023-en

mystic redline taiga infostealer persistence stealer

windows10-1703-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

taiga

C2

5.42.92.51:19057

Targets

- Target
  
  4ebbc23e91d12a42812a440a32672aaf767490e563ce8778c653b14be2217d38
- Size
  
  371KB
- MD5
  
  8758eef3357122a97cf2a46098dbdcc2
- SHA1
  
  ccacfcbb471ca1cbd7d9c844667e7f7bd8d947f6
- SHA256
  
  4ebbc23e91d12a42812a440a32672aaf767490e563ce8778c653b14be2217d38
- SHA512
  
  a3b556a47b375cc248d35ebb70832d109f9aa48e293f6c5384935c6a9b00706b11dcb1f90367338fa27ca66de6378276bcb316cb7af07ee5bd6ad66abca60a6a
- SSDEEP
  
  6144:Kdy+bnr+Ip0yN90QEe/J3XgLExU5kHiNKyLkq9QmsAFZYgmTS3RIDPaTulJdwC3B:bMroy90IBBUGiNKyLn1sAFagaSVuPL
Score

10^/10

mystic redline taiga infostealer persistence stealer
- Detect Mystic stealer payload
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mysticredlinetaigainfostealerpersistencestealer

© 2018-2025

Terms | Privacy