mystic | 270f93d55dc5666aae0c62c0ed23b6ce1f747ef57863d0adf577e20b2b180b48 | Triage

Submit
Reports

Overview

overview

Static

static

3

04140a07f8...6f.exe

windows10-2004-x64

Sharing

General

Target

04140a07f858242aea2e5060fd52668d03619185d20f6c8b2c6debfe4a5f7b6f.zip
Size

888KB
Sample

240402-l7ertaeg29
MD5

2353eb8715c39c62d03bfc1ae4e09738
SHA1

c69de1df9540f64a7e88263bb70b0e7ab0f25bdb
SHA256

270f93d55dc5666aae0c62c0ed23b6ce1f747ef57863d0adf577e20b2b180b48
SHA512

06c8fe4f3e195060dfeff9d42d9f14ec7ea4167b3868e633652187369b613224ef1acb7b8376c072a4fc0aa096349440aad6fac0a3aa3317abbe71949d6cb1ad
SSDEEP

24576:TupaQLQfIS62lW9TVU6fFAz5XxHvEdhuD+PWA:TwNHx2lW/UX5Xx8dUD+PB

Score

10^/10

mystic redline smokeloader breha backdoor evasion infostealer persistence stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

04140a07f858242aea2e5060fd52668d03619185d20f6c8b2c6debfe4a5f7b6f.exe

Resource

win10v2004-20240226-en

mystic redline smokeloader breha backdoor evasion infostealer persistence stealer trojan

windows10-2004-x64

23 signatures

150 seconds

Malware Config

Extracted

Family

smokeloader

Version

2022

C2

http://77.91.68.29/fks/

rc4.i32

rc4.i32

Extracted

Family

redline

Botnet

breha

C2

77.91.124.55:19071

Targets

- Target
  
  04140a07f858242aea2e5060fd52668d03619185d20f6c8b2c6debfe4a5f7b6f.exe
- Size
  
  931KB
- MD5
  
  d534bccd65f4d7cb7e7a00809fec8732
- SHA1
  
  bd88bd428b8f9f5fb6ecb7e76b8323b94faa745d
- SHA256
  
  04140a07f858242aea2e5060fd52668d03619185d20f6c8b2c6debfe4a5f7b6f
- SHA512
  
  317581f76534d28b40095f49beb6a8fa42734da6cf939ecfd4363f24d94da782a08bcd64869adae11dec46003a5c3b46e23dc1c1c6708e621f250f13aa7c7e52
- SSDEEP
  
  24576:ryvJJkCTQHmXNqP2T1YrBicnyBaG6+IyM1fAIv7Eo:eYmdqP2irBicX+IL1ftv
Score

10^/10

mystic redline smokeloader breha backdoor evasion infostealer persistence stealer trojan
- Detect Mystic stealer payload
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mysticredlinesmokeloaderbrehabackdoorevasioninfostealerpersistencestealertrojan

© 2018-2025

Terms | Privacy