mystic | 93432feffcabbe7689ee8494c0bd764913411aadb5a5cf5730b237d297533e6f | Triage

Submit
Reports

Overview

overview

Static

static

3

031c5ae0ba...19.exe

windows10-2004-x64

Sharing

General

Target

93a1b5069034f862883429b5017c08f7.bin
Size

1.2MB
Sample

231113-cyt1psgb89
MD5

8b915ec63700099a2f50f6925e88b0c7
SHA1

0c6f0815d77f305bb4efed97911dc2edc5d9550b
SHA256

93432feffcabbe7689ee8494c0bd764913411aadb5a5cf5730b237d297533e6f
SHA512

15caef2ebd5a66f0b1e178184c398db6c8b84fdd6762c6f975bd94b51aa696d005d893e42693b0dc307e6809230bcac761f7964c93b9c472fdde432447d25cdf
SSDEEP

24576:klVnMSP3soaiBzZNpkuTX5XqaVu7irDfUuSejAU3g7sDaJGMKF+h1VZj:IVZPc/uZNpkTUTUuSzUwUeGa

Score

10^/10

mystic redline taiga infostealer persistence spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

031c5ae0ba72c4d99478142b7e3549019b6141c6872a3abe18ac34d82b94c619.exe

Resource

win10v2004-20231025-en

mystic redline taiga infostealer persistence spyware stealer

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

taiga

C2

5.42.92.51:19057

Targets

- Target
  
  031c5ae0ba72c4d99478142b7e3549019b6141c6872a3abe18ac34d82b94c619.exe
- Size
  
  1.3MB
- MD5
  
  93a1b5069034f862883429b5017c08f7
- SHA1
  
  361d8e67fed20f1af96292ca2e2bee2852c9af32
- SHA256
  
  031c5ae0ba72c4d99478142b7e3549019b6141c6872a3abe18ac34d82b94c619
- SHA512
  
  a610185d69355028829eda8a8d7656e8adc22147e92024a496e13241f6ba0b42f54449c31602e04b6d2c70403b8664ddc7e2e6e861e13fd5e2165970f1c313f1
- SSDEEP
  
  24576:+yPVdRomNp0HMXae9IsZCOGE9bDTWNcTY5afm0jWCLBmbs:NPVbo4lKeuEPGc+N0Y5cm0jv
Score

10^/10

mystic redline taiga infostealer persistence spyware stealer
- Detect Mystic stealer payload
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mysticredlinetaigainfostealerpersistencespywarestealer

© 2018-2025

Terms | Privacy