mystic | 492b0af84e2a0bad92ea96b903488694b78d3bd9a95aed38023b3a8c16674270 | Triage

Submit
Reports

Overview

overview

Static

static

3

dridex

windows10-2004-x64

Sharing

General

Target

492b0af84e2a0bad92ea96b903488694b78d3bd9a95aed38023b3a8c16674270
Size

1.4MB
Sample

231114-mhsstabe3w
MD5

c57d1db87525d08aa37878c1aa228e32
SHA1

17995f6a09c15098b7a6d6d8ba431288a5ac0b41
SHA256

492b0af84e2a0bad92ea96b903488694b78d3bd9a95aed38023b3a8c16674270
SHA512

ffd6a7c35034f74b0299a0e016f216e8a788cfe9c71f38b31a95085f70241b2dff479d2400b7220a3cf06b59d406b520ece7b3ffd7c5bff540514d4293d95ca4
SSDEEP

24576:Dyd9G9QbNKx2J8a6E9s20F+zQvAFng9LpNqcyHne4AIZuqJRvDY:WdIQbYQBR9r0wcoFng9Fg1erIl

Score

10^/10

mystic privateloader redline risepro taiga infostealer loader persistence stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

492b0af84e2a0bad92ea96b903488694b78d3bd9a95aed38023b3a8c16674270.exe

Resource

win10v2004-20231023-en

mystic privateloader redline risepro taiga infostealer loader persistence stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

taiga

C2

5.42.92.51:19057

Extracted

Family

risepro

C2

5.42.92.51

Targets

- Target
  
  492b0af84e2a0bad92ea96b903488694b78d3bd9a95aed38023b3a8c16674270
- Size
  
  1.4MB
- MD5
  
  c57d1db87525d08aa37878c1aa228e32
- SHA1
  
  17995f6a09c15098b7a6d6d8ba431288a5ac0b41
- SHA256
  
  492b0af84e2a0bad92ea96b903488694b78d3bd9a95aed38023b3a8c16674270
- SHA512
  
  ffd6a7c35034f74b0299a0e016f216e8a788cfe9c71f38b31a95085f70241b2dff479d2400b7220a3cf06b59d406b520ece7b3ffd7c5bff540514d4293d95ca4
- SSDEEP
  
  24576:Dyd9G9QbNKx2J8a6E9s20F+zQvAFng9LpNqcyHne4AIZuqJRvDY:WdIQbYQBR9r0wcoFng9Fg1erIl
Score

10^/10

mystic privateloader redline risepro taiga infostealer loader persistence stealer
- Detect Mystic stealer payload
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- PrivateLoader
  PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
  loader privateloader
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- RisePro
  RisePro stealer is an infostealer distributed by PrivateLoader.
  stealer risepro
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mysticprivateloaderredlineriseprotaigainfostealerloaderpersistencestealer

© 2018-2025

Terms | Privacy