mystic | 48922a35a5ba37dddca84adc818fd762daa91a670a478d00e09f6a738750595d | Triage

Sharing

General

Target

48922a35a5ba37dddca84adc818fd762daa91a670a478d00e09f6a738750595d
Size

881KB
Sample

231113-xv9l7see8s
MD5

98899f22a10c280312fe8d19237f6f18
SHA1

12e758b38967e2a89d3378645eb5a97d6f6bc84c
SHA256

48922a35a5ba37dddca84adc818fd762daa91a670a478d00e09f6a738750595d
SHA512

e3222dd3916bb1f6ace61ac886be0566babdc09b63604f2052b492554f602ec0268737c49cd3ab655094f0fde80824e12f93d20daf722a972967565dd53f94b9
SSDEEP

12288:RMrcy90U5MBk0fpdMlHOX7FVrNOnu0D6M1wsog2uLvEVktUbuMQrTy1ZvX2p:Ny5sfMlo7nEvB8ju5y1Z/A

Score

10^/10

mystic redline taiga infostealer persistence spyware stealer

Malware Config

Extracted

Family

redline

Botnet

taiga

C2

5.42.92.51:19057

Targets

- Target
  
  48922a35a5ba37dddca84adc818fd762daa91a670a478d00e09f6a738750595d
- Size
  
  881KB
- MD5
  
  98899f22a10c280312fe8d19237f6f18
- SHA1
  
  12e758b38967e2a89d3378645eb5a97d6f6bc84c
- SHA256
  
  48922a35a5ba37dddca84adc818fd762daa91a670a478d00e09f6a738750595d
- SHA512
  
  e3222dd3916bb1f6ace61ac886be0566babdc09b63604f2052b492554f602ec0268737c49cd3ab655094f0fde80824e12f93d20daf722a972967565dd53f94b9
- SSDEEP
  
  12288:RMrcy90U5MBk0fpdMlHOX7FVrNOnu0D6M1wsog2uLvEVktUbuMQrTy1ZvX2p:Ny5sfMlo7nEvB8ju5y1Z/A
Score

10^/10

mystic redline taiga infostealer persistence spyware stealer
- Detect Mystic stealer payload
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mysticredlinetaigainfostealerpersistencespywarestealer