mystic | bb32ea7d56902a74dc94787ab68593ef8eef937157e9cdd50eac8fcf2f36dac6 | Triage

Submit
Reports

Overview

overview

Static

static

3

NEAS.bb32e...c6.exe

windows10-2004-x64

Sharing

General

Target

NEAS.bb32ea7d56902a74dc94787ab68593ef8eef937157e9cdd50eac8fcf2f36dac6.exe
Size

1.3MB
Sample

231114-j54l2she3v
MD5

ac306b384e51e4e70c374d6cfaf43bb9
SHA1

e39453aeb15b662ff2e946b7fe72dd0e69a7a73a
SHA256

bb32ea7d56902a74dc94787ab68593ef8eef937157e9cdd50eac8fcf2f36dac6
SHA512

435688a7668c3f09490e49b92e3da471f58883f84e60868ac72cb1c340bb6d02444535142effbe6205b58d1d7fc8853c977568f7560008625347a2b79a88a695
SSDEEP

24576:Dye30QZcF5h3/M0QZ3eae9IshCMGGCdD8bDdN+TKf0EhxTYnOKjVgQ9FDfEUpeRb:We3gTrQ9neu4JGbaz3YO099FDL

Score

10^/10

mystic redline taiga infostealer persistence stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

NEAS.bb32ea7d56902a74dc94787ab68593ef8eef937157e9cdd50eac8fcf2f36dac6.exe

Resource

win10v2004-20231023-en

mystic redline taiga infostealer persistence stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

taiga

C2

5.42.92.51:19057

Targets

- Target
  
  NEAS.bb32ea7d56902a74dc94787ab68593ef8eef937157e9cdd50eac8fcf2f36dac6.exe
- Size
  
  1.3MB
- MD5
  
  ac306b384e51e4e70c374d6cfaf43bb9
- SHA1
  
  e39453aeb15b662ff2e946b7fe72dd0e69a7a73a
- SHA256
  
  bb32ea7d56902a74dc94787ab68593ef8eef937157e9cdd50eac8fcf2f36dac6
- SHA512
  
  435688a7668c3f09490e49b92e3da471f58883f84e60868ac72cb1c340bb6d02444535142effbe6205b58d1d7fc8853c977568f7560008625347a2b79a88a695
- SSDEEP
  
  24576:Dye30QZcF5h3/M0QZ3eae9IshCMGGCdD8bDdN+TKf0EhxTYnOKjVgQ9FDfEUpeRb:We3gTrQ9neu4JGbaz3YO099FDL
Score

10^/10

mystic redline taiga infostealer persistence stealer
- Detect Mystic stealer payload
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
  persistence
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mysticredlinetaigainfostealerpersistencestealer

© 2018-2025

Terms | Privacy