mystic | 5c0ad1d944175e8752c9d29249df0ccb5fa9c54dbb23f87785e5a9482d0fc4a4 | Triage

Submit
Reports

Overview

overview

Static

static

3

afa1a13602...33.exe

windows10-2004-x64

Sharing

General

Target

afa1a1360224b51648fe7c1cb3233199f0c9c41605d0a7107dfc050ec4d6c733.zip
Size

1.3MB
Sample

231119-2cyjfacc79
MD5

0e9426d5448f331d313a2994b4b2fab6
SHA1

46d65ff9aa1a598de7ffae491c3d026b998ea506
SHA256

5c0ad1d944175e8752c9d29249df0ccb5fa9c54dbb23f87785e5a9482d0fc4a4
SHA512

4e46a911e340cbf737338ea093f534c6b5163c288b207e898111ab76154117ae10d2c9646ebda002f5609a9f3b57c01ddcdb3a6832de1ec47f688a0be75d2d86
SSDEEP

24576:WNr/brYeCT0rod+1GYJuL5qdWlLxtUfPbKWuruH8ff5jBpRS1xbN7/kEwth4sK9:Q/80FyxtUfDPriRjBvS1f7/3Ah4s4

Score

10^/10

mystic redline sectoprat smokeloader zgrat @ytlogsbot pixelfresh taiga backdoor evasion infostealer persistence rat stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

afa1a1360224b51648fe7c1cb3233199f0c9c41605d0a7107dfc050ec4d6c733.exe

Resource

win10v2004-20231023-en

mystic redline sectoprat smokeloader zgrat @ytlogsbot pixelfresh taiga backdoor evasion infostealer persistence rat stealer trojan

windows10-2004-x64

25 signatures

150 seconds

Malware Config

Extracted

Family

smokeloader

Version

2022

C2

http://5.42.92.190/fks/index.php

rc4.i32

rc4.i32

Extracted

Family

redline

Botnet

taiga

C2

5.42.92.51:19057

Extracted

Family

redline

Botnet

pixelfresh

C2

194.49.94.11:80

Extracted

Family

redline

Botnet

@ytlogsbot

C2

194.169.175.235:42691

Targets

- Target
  
  afa1a1360224b51648fe7c1cb3233199f0c9c41605d0a7107dfc050ec4d6c733.exe
- Size
  
  1.4MB
- MD5
  
  06545d2660b4542598943edb73268b27
- SHA1
  
  2bf583ca949eba1c5dbf7a3b0e2a44c2a7e00331
- SHA256
  
  afa1a1360224b51648fe7c1cb3233199f0c9c41605d0a7107dfc050ec4d6c733
- SHA512
  
  9f7f846cb10b52522891a4687d4114c7dda01fba82a8e11fd4b7169c779e5ac8a222617c1af9bd9936108e43db5426b17b74e100a224a97abd2c7a63c61d3646
- SSDEEP
  
  24576:9y0J89DmUCFLBO4Z5MghMbXTeaIs4qnGKNkDglwQlpkOv4iM/v+yK:YPlmUCdZ5T+jeh/UGjDQlpk13+
Score

10^/10

mystic redline sectoprat smokeloader zgrat @ytlogsbot pixelfresh taiga backdoor evasion infostealer persistence rat stealer trojan
- Detect Mystic stealer payload
- Detect ZGRat V1
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- ZGRat
  ZGRat is remote access trojan written in C#.
  rat zgrat
- Downloads MZ/PE file
- Stops running service(s)
  evasion
- Executes dropped EXE
- Adds Run key to start application
  persistence
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

mysticredlinesectopratsmokeloaderzgrat@ytlogsbotpixelfreshtaigabackdoorevasioninfostealerpersistenceratstealertrojan

© 2018-2025

Terms | Privacy