mystic

Resubmissions

05-05-2024 00:32

240505-avs8wsbg94 7

12-11-2023 19:17

231112-xzp4csah4x 10

12-11-2023 19:05

231112-xrjavaag9t 10

Sharing

Copy URL

Twitter E-mail

General

Target

e1e81d5f4eb8e3a4784d17d12970f212d3bafa2584c69bd81821ba30076cd96d
Size

1.4MB
Sample

231112-xzp4csah4x
MD5

409a6f8b516eeefb33316a9057898eb7
SHA1

d79fe80acc4ce397bef1afce0b90b8ae04c648e0
SHA256

e1e81d5f4eb8e3a4784d17d12970f212d3bafa2584c69bd81821ba30076cd96d
SHA512

2f11c73f28161d48269215da555e79c9dbda6beff67c5a5721e1187c509ab9d3024de6ef0a7034dd35ee68866c10e3f1319a64166414fa739a6c75eca4511fca
SSDEEP

24576:PyprHugHcb699nS3MelIsL9vGuxwDPlCDj7D9lYCmnZLQ352uf/XvYd:apDuYY69YcemUpG7RCrDXYCmnZu2ivv

Score

10^/10

Malware Config

Extracted

Family

redline

Botnet

taiga

5.42.92.51:19057

Targets

- Target
  
  e1e81d5f4eb8e3a4784d17d12970f212d3bafa2584c69bd81821ba30076cd96d
- Size
  
  1.4MB
- MD5
  
  409a6f8b516eeefb33316a9057898eb7
- SHA1
  
  d79fe80acc4ce397bef1afce0b90b8ae04c648e0
- SHA256
  
  e1e81d5f4eb8e3a4784d17d12970f212d3bafa2584c69bd81821ba30076cd96d
- SHA512
  
  2f11c73f28161d48269215da555e79c9dbda6beff67c5a5721e1187c509ab9d3024de6ef0a7034dd35ee68866c10e3f1319a64166414fa739a6c75eca4511fca
- SSDEEP
  
  24576:PyprHugHcb699nS3MelIsL9vGuxwDPlCDj7D9lYCmnZLQ352uf/XvYd:apDuYY69YcemUpG7RCrDXYCmnZu2ivv
Score

10^/10

mystic redline smokeloader taiga backdoor infostealer persistence stealer trojan
- Detect Mystic stealer payload
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
  persistence
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Detect Mystic stealer payload

RedLine

RedLine payload

SmokeLoader

Checks computer location settings

Executes dropped EXE

Adds Run key to start application

AutoIT Executable

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2