mystic | 77cb45093ccf067140c55c5c8b7df6c7ce6e77abda5f7b55e1c0da15fcdb4cc2 | Triage

Submit
Reports

Overview

overview

Static

static

3

NEAS.77cb4...c2.exe

windows10-2004-x64

Sharing

General

Target

NEAS.77cb45093ccf067140c55c5c8b7df6c7ce6e77abda5f7b55e1c0da15fcdb4cc2.exe
Size

1.4MB
Sample

231112-w8vjrsad5y
MD5

f3935b22955ae50d6117ba87916058d9
SHA1

f9b6db6e857d4058272d5e4ae669d75c272baf79
SHA256

77cb45093ccf067140c55c5c8b7df6c7ce6e77abda5f7b55e1c0da15fcdb4cc2
SHA512

1a2a3f19bc3b850b1a5007dda93678371744a5b1bffcc3048e963bc14d4cbd9fb9757c2456f0ea5587f9389f77da2e4d51282387447c1aa6d2d8a95becf93aba
SSDEEP

24576:jyG+4yALf5O8Jiw648ejIsGMAGF6cDnnoPjpEdyxkW2CHPCJzRJ226mqFM:2M1R9AeMTVGTCNXxkvvJzRsc

Score

10^/10

mystic redline smokeloader taiga up3 backdoor infostealer persistence stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

NEAS.77cb45093ccf067140c55c5c8b7df6c7ce6e77abda5f7b55e1c0da15fcdb4cc2.exe

Resource

win10v2004-20231020-en

mystic redline smokeloader taiga up3 backdoor infostealer persistence stealer trojan

windows10-2004-x64

21 signatures

150 seconds

Malware Config

Extracted

Family

smokeloader

Version

2022

C2

http://5.42.92.190/fks/index.php

rc4.i32

rc4.i32

Extracted

Family

redline

Botnet

taiga

C2

5.42.92.51:19057

Extracted

Family

smokeloader

Botnet

up3

Targets

- Target
  
  NEAS.77cb45093ccf067140c55c5c8b7df6c7ce6e77abda5f7b55e1c0da15fcdb4cc2.exe
- Size
  
  1.4MB
- MD5
  
  f3935b22955ae50d6117ba87916058d9
- SHA1
  
  f9b6db6e857d4058272d5e4ae669d75c272baf79
- SHA256
  
  77cb45093ccf067140c55c5c8b7df6c7ce6e77abda5f7b55e1c0da15fcdb4cc2
- SHA512
  
  1a2a3f19bc3b850b1a5007dda93678371744a5b1bffcc3048e963bc14d4cbd9fb9757c2456f0ea5587f9389f77da2e4d51282387447c1aa6d2d8a95becf93aba
- SSDEEP
  
  24576:jyG+4yALf5O8Jiw648ejIsGMAGF6cDnnoPjpEdyxkW2CHPCJzRJ226mqFM:2M1R9AeMTVGTCNXxkvvJzRsc
Score

10^/10

mystic redline smokeloader taiga up3 backdoor infostealer persistence stealer trojan
- Detect Mystic stealer payload
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Executes dropped EXE
- Adds Run key to start application
  persistence
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mysticredlinesmokeloadertaigaup3backdoorinfostealerpersistencestealertrojan

© 2018-2025

Terms | Privacy