mystic | 4ea8a8a21cad8ae098aa5d504ae609023d9f506b724c4ebc87838d6c2641cd04 | Triage

Submit
Reports

Overview

overview

Static

static

3

dridex

windows10-2004-x64

Sharing

General

Target

4ea8a8a21cad8ae098aa5d504ae609023d9f506b724c4ebc87838d6c2641cd04
Size

1.4MB
Sample

231112-ys5e5sbg29
MD5

cfb161e90f2abba876fc5a11a4b00af1
SHA1

f74505080ead9fa5c6b6d7b38cbecd7a9f7fbbd5
SHA256

4ea8a8a21cad8ae098aa5d504ae609023d9f506b724c4ebc87838d6c2641cd04
SHA512

afdb6e707bd036c2a6eddbe63a1b372e999a488b8579f3862738dc86b3a0aedf4f0bd38a2087f702dc5162d500d87d43b900e34146a3fd49b88d3af49033704f
SSDEEP

24576:HyD3wQe4d8BLeTIsLOpGfZDD5vIrzlCUoXBBySqpugO9C6:SMUye8YOG5hIrzwUymSqput9C

Score

10^/10

mystic redline smokeloader taiga backdoor infostealer persistence stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

4ea8a8a21cad8ae098aa5d504ae609023d9f506b724c4ebc87838d6c2641cd04.exe

Resource

win10v2004-20231023-en

mystic redline smokeloader taiga backdoor infostealer persistence stealer trojan

windows10-2004-x64

21 signatures

150 seconds

Malware Config

Extracted

Family

smokeloader

Version

2022

C2

http://5.42.92.190/fks/index.php

rc4.i32

rc4.i32

Extracted

Family

redline

Botnet

taiga

C2

5.42.92.51:19057

Targets

- Target
  
  4ea8a8a21cad8ae098aa5d504ae609023d9f506b724c4ebc87838d6c2641cd04
- Size
  
  1.4MB
- MD5
  
  cfb161e90f2abba876fc5a11a4b00af1
- SHA1
  
  f74505080ead9fa5c6b6d7b38cbecd7a9f7fbbd5
- SHA256
  
  4ea8a8a21cad8ae098aa5d504ae609023d9f506b724c4ebc87838d6c2641cd04
- SHA512
  
  afdb6e707bd036c2a6eddbe63a1b372e999a488b8579f3862738dc86b3a0aedf4f0bd38a2087f702dc5162d500d87d43b900e34146a3fd49b88d3af49033704f
- SSDEEP
  
  24576:HyD3wQe4d8BLeTIsLOpGfZDD5vIrzlCUoXBBySqpugO9C6:SMUye8YOG5hIrzwUymSqput9C
Score

10^/10

mystic redline smokeloader taiga backdoor infostealer persistence stealer trojan
- Detect Mystic stealer payload
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Executes dropped EXE
- Adds Run key to start application
  persistence
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mysticredlinesmokeloadertaigabackdoorinfostealerpersistencestealertrojan

© 2018-2025

Terms | Privacy