mystic | 6a73599227e89d1b5d677a38bb8a55bf83444df22bd7231474c08a09058ec5d4 | Triage

Sharing

General

Target

6a73599227e89d1b5d677a38bb8a55bf83444df22bd7231474c08a09058ec5d4
Size

888KB
Sample

231114-latvgaad4s
MD5

c9a81773fe199836f9319be0af18e3ff
SHA1

5facafab3a75b840ba5fa7ed5bc1f3f1088fed06
SHA256

6a73599227e89d1b5d677a38bb8a55bf83444df22bd7231474c08a09058ec5d4
SHA512

4884d21ab3d4cf133c7c5eac75877aac925f28347b7ea621608f77d1b87e58ea9cf54f52b5260c526fca7e0e5f55d028e31ba06aca46c85de21403bc42eeed7b
SSDEEP

12288:2Mrxy90LQSoUmANoeQAgay13MYj7Mwy3ZRR82CPgDAQ3AMa9bco+/q9i5wokQ:XycpGrAwtMWMLKsAuAMmbI

Score

10^/10

mystic redline taiga infostealer persistence spyware stealer

Malware Config

Extracted

Family

redline

Botnet

taiga

C2

5.42.92.51:19057

Targets

- Target
  
  6a73599227e89d1b5d677a38bb8a55bf83444df22bd7231474c08a09058ec5d4
- Size
  
  888KB
- MD5
  
  c9a81773fe199836f9319be0af18e3ff
- SHA1
  
  5facafab3a75b840ba5fa7ed5bc1f3f1088fed06
- SHA256
  
  6a73599227e89d1b5d677a38bb8a55bf83444df22bd7231474c08a09058ec5d4
- SHA512
  
  4884d21ab3d4cf133c7c5eac75877aac925f28347b7ea621608f77d1b87e58ea9cf54f52b5260c526fca7e0e5f55d028e31ba06aca46c85de21403bc42eeed7b
- SSDEEP
  
  12288:2Mrxy90LQSoUmANoeQAgay13MYj7Mwy3ZRR82CPgDAQ3AMa9bco+/q9i5wokQ:XycpGrAwtMWMLKsAuAMmbI
Score

10^/10

mystic redline taiga infostealer persistence spyware stealer
- Detect Mystic stealer payload
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mysticredlinetaigainfostealerpersistencespywarestealer