mystic | 20725a400cc4968fc123337c29504c8876cc1177861a0a63ce493f3562975768 | Triage

Submit
Reports

Overview

overview

Static

static

3

afa1a13602...33.exe

windows10-2004-x64

Sharing

General

Target

afa1a1360224b51648fe7c1cb3233199f0c9c41605d0a7107dfc050ec4d6c733.zip
Size

1.3MB
Sample

231119-zkbzasbe23
MD5

051285d6ed9554045380337999b1c4a2
SHA1

98a2fc90555530bf9add636c0276b7f0dd767b92
SHA256

20725a400cc4968fc123337c29504c8876cc1177861a0a63ce493f3562975768
SHA512

053274dba0c107eb59586fa8fa6a3bf2e4bc57d4f973c8a95ea77210b50acabcce4846d453e796b5f5efd503717fc203e8d223f26846b1ea4cf28e2c2af03eac
SSDEEP

24576:afjBljDRJtnzFdXC0kpfNi6DglEqrKtc8MwBCGSOldhTg:kjDRJ03Fiugzmi4g

Score

10^/10

mystic redline sectoprat smokeloader @ytlogsbot pixelfresh taiga backdoor evasion infostealer persistence rat stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

afa1a1360224b51648fe7c1cb3233199f0c9c41605d0a7107dfc050ec4d6c733.exe

Resource

win10v2004-20231023-en

mystic redline sectoprat smokeloader @ytlogsbot pixelfresh taiga backdoor evasion infostealer persistence rat stealer trojan

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Extracted

Family

smokeloader

Version

2022

C2

http://5.42.92.190/fks/index.php

rc4.i32

rc4.i32

Extracted

Family

redline

Botnet

taiga

C2

5.42.92.51:19057

Extracted

Family

redline

Botnet

pixelfresh

C2

194.49.94.11:80

Extracted

Family

redline

Botnet

@ytlogsbot

C2

194.169.175.235:42691

Targets

- Target
  
  afa1a1360224b51648fe7c1cb3233199f0c9c41605d0a7107dfc050ec4d6c733.exe
- Size
  
  1.4MB
- MD5
  
  06545d2660b4542598943edb73268b27
- SHA1
  
  2bf583ca949eba1c5dbf7a3b0e2a44c2a7e00331
- SHA256
  
  afa1a1360224b51648fe7c1cb3233199f0c9c41605d0a7107dfc050ec4d6c733
- SHA512
  
  9f7f846cb10b52522891a4687d4114c7dda01fba82a8e11fd4b7169c779e5ac8a222617c1af9bd9936108e43db5426b17b74e100a224a97abd2c7a63c61d3646
- SSDEEP
  
  24576:9y0J89DmUCFLBO4Z5MghMbXTeaIs4qnGKNkDglwQlpkOv4iM/v+yK:YPlmUCdZ5T+jeh/UGjDQlpk13+
Score

10^/10

mystic redline sectoprat smokeloader @ytlogsbot pixelfresh taiga backdoor evasion infostealer persistence rat stealer trojan
- Detect Mystic stealer payload
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SectopRAT
  SectopRAT is a remote access trojan first seen in November 2019.
  trojan rat sectoprat
- SectopRAT payload
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Stops running service(s)
  evasion
- Executes dropped EXE
- Adds Run key to start application
  persistence
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

mysticredlinesectopratsmokeloader@ytlogsbotpixelfreshtaigabackdoorevasioninfostealerpersistenceratstealertrojan

© 2018-2025

Terms | Privacy