mystic | 250007a20eae5253da9ddc42e47ea0c767ef419ab5a6dd691f87b7be02033078 | Triage

Submit
Reports

Overview

overview

Static

static

3

682c22ad2f...0f.exe

windows10-2004-x64

Sharing

General

Target

8996ebaf69a06fb129fbdaf404903985.bin
Size

1.2MB
Sample

231114-cvwecsge94
MD5

74c96c756712838ce6a34e7b942ae10c
SHA1

ffc9906dc861ebab6f8417b071c74d4dfbd83c5d
SHA256

250007a20eae5253da9ddc42e47ea0c767ef419ab5a6dd691f87b7be02033078
SHA512

0d3c5a26a17d70bcfaac503a1c60059242ff95fd087039c8fc0473eff4504019ec76a9e6433c6b1448d7eb37ae1f8f034f5dd3fffb93577166940d7aff56fab7
SSDEEP

24576:nwgw4P/w9R9s248P2rqejCpHrMxWinHmLQ1qHVURGADgxU+IQRX:nw9+/w3m272cCWwmcIem6HeX

Score

10^/10

mystic redline taiga infostealer persistence spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

682c22ad2f791ef9c22b6e34a03f21d556eee9176655a680f9365b5f40e4210f.exe

Resource

win10v2004-20231023-en

mystic redline taiga infostealer persistence spyware stealer

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

taiga

C2

5.42.92.51:19057

Targets

- Target
  
  682c22ad2f791ef9c22b6e34a03f21d556eee9176655a680f9365b5f40e4210f.exe
- Size
  
  1.3MB
- MD5
  
  8996ebaf69a06fb129fbdaf404903985
- SHA1
  
  a5acde35015c48611f186dccf9ef097ae7bfeaf9
- SHA256
  
  682c22ad2f791ef9c22b6e34a03f21d556eee9176655a680f9365b5f40e4210f
- SHA512
  
  072010484a1502ebb854e6120b5bde09e0f6bbcf5862ee5d1f555be85a39821f45ea3d04d5af1ad45772f4ff7723127687b4ecad381adcf4c812258ec321252b
- SSDEEP
  
  24576:tyiFlHKnBgaeTIs8CLGOvPDknJLAhxCT0aIKAN6DTPKC9eI+EQ:IiFlqB5e8/oGOiyxCT0aay
Score

10^/10

mystic redline taiga infostealer persistence spyware stealer
- Detect Mystic stealer payload
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mysticredlinetaigainfostealerpersistencespywarestealer

© 2018-2025

Terms | Privacy