mystic | f20a33cd4857d8363fc423ca3ce74f43d5a22f4abc3993a0c1b8b31db6771b0d | Triage

Submit
Reports

Overview

overview

Static

static

3

dridex

windows10-1703-x64

Sharing

General

Target

f20a33cd4857d8363fc423ca3ce74f43d5a22f4abc3993a0c1b8b31db6771b0d
Size

1.4MB
Sample

231112-wt8svaab3w
MD5

fa951d632a6b1c8efb577fc5b43a64b5
SHA1

588a6c6dcb784a87c8c3782d4e91f50793eedf9a
SHA256

f20a33cd4857d8363fc423ca3ce74f43d5a22f4abc3993a0c1b8b31db6771b0d
SHA512

e2d196c67dd08c8c0f8b0a0bd6aa0b58f056300a90cedd186b4bab690ea34fe3928a24db5ac200b98c4467e36541c4eae114f5746a08542ab45669c0ddbf96a5
SSDEEP

24576:8yPOzyS5WantLziGntWerIsjXUG1mTDtlaSgeje9seOmJPQiGqakesi6z:rlZ8tLWGnUekgEGc+SzC4Hqak

Score

10^/10

mystic redline smokeloader zgrat taiga up3 backdoor evasion infostealer persistence rat stealer trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

f20a33cd4857d8363fc423ca3ce74f43d5a22f4abc3993a0c1b8b31db6771b0d.exe

Resource

win10-20231020-en

mystic redline smokeloader zgrat taiga up3 backdoor evasion infostealer persistence rat stealer trojan upx

windows10-1703-x64

21 signatures

150 seconds

Malware Config

Extracted

Family

smokeloader

Version

2022

C2

http://5.42.92.190/fks/index.php

rc4.i32

rc4.i32

Extracted

Family

redline

Botnet

taiga

C2

5.42.92.51:19057

Extracted

Family

smokeloader

Botnet

up3

Targets

- Target
  
  f20a33cd4857d8363fc423ca3ce74f43d5a22f4abc3993a0c1b8b31db6771b0d
- Size
  
  1.4MB
- MD5
  
  fa951d632a6b1c8efb577fc5b43a64b5
- SHA1
  
  588a6c6dcb784a87c8c3782d4e91f50793eedf9a
- SHA256
  
  f20a33cd4857d8363fc423ca3ce74f43d5a22f4abc3993a0c1b8b31db6771b0d
- SHA512
  
  e2d196c67dd08c8c0f8b0a0bd6aa0b58f056300a90cedd186b4bab690ea34fe3928a24db5ac200b98c4467e36541c4eae114f5746a08542ab45669c0ddbf96a5
- SSDEEP
  
  24576:8yPOzyS5WantLziGntWerIsjXUG1mTDtlaSgeje9seOmJPQiGqakesi6z:rlZ8tLWGnUekgEGc+SzC4Hqak
Score

10^/10

mystic redline smokeloader zgrat taiga up3 backdoor evasion infostealer persistence rat stealer trojan upx
- Detect Mystic stealer payload
- Detect ZGRat V1
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Downloads MZ/PE file
- Stops running service(s)
  evasion
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

mysticredlinesmokeloaderzgrattaigaup3backdoorevasioninfostealerpersistenceratstealertrojanupx

© 2018-2025

Terms | Privacy