mystic | 8824938b516f326c8fb474e2d13f12a648cbe7fc793dd565bd44ecc9fcbcec96 | Triage

Submit
Reports

Overview

overview

Static

static

3

6fcbcc98eb...cs.exe

windows10-2004-x64

Sharing

General

Target

6fcbcc98ebbbe636a0fe0e54638c2620_NeikiAnalytics.exe
Size

675KB
Sample

240527-l339lsfh8w
MD5

6fcbcc98ebbbe636a0fe0e54638c2620
SHA1

2d721ffb4b9dad939cd44b1723cbcb0af29cb8f1
SHA256

8824938b516f326c8fb474e2d13f12a648cbe7fc793dd565bd44ecc9fcbcec96
SHA512

74618716926b7f59431bd861eba3e3623d297db902e284ba14442cbebd1738cbe453e3c77cb5e67ca8fad4e2a92d5ede9e33542d39dcbb5af498b26966258fb8
SSDEEP

12288:/Mr1y90VQHlyKwme5SYAwaHeIDmb4yImOPsvIaHyqHBhRmux:6yHlyKwAzzmWshSqHR7x

Score

10^/10

mystic redline kinza infostealer persistence stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

6fcbcc98ebbbe636a0fe0e54638c2620_NeikiAnalytics.exe

Resource

win10v2004-20240508-en

mystic redline kinza infostealer persistence stealer

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

kinza

C2

77.91.124.86:19084

Targets

- Target
  
  6fcbcc98ebbbe636a0fe0e54638c2620_NeikiAnalytics.exe
- Size
  
  675KB
- MD5
  
  6fcbcc98ebbbe636a0fe0e54638c2620
- SHA1
  
  2d721ffb4b9dad939cd44b1723cbcb0af29cb8f1
- SHA256
  
  8824938b516f326c8fb474e2d13f12a648cbe7fc793dd565bd44ecc9fcbcec96
- SHA512
  
  74618716926b7f59431bd861eba3e3623d297db902e284ba14442cbebd1738cbe453e3c77cb5e67ca8fad4e2a92d5ede9e33542d39dcbb5af498b26966258fb8
- SSDEEP
  
  12288:/Mr1y90VQHlyKwme5SYAwaHeIDmb4yImOPsvIaHyqHBhRmux:6yHlyKwAzzmWshSqHR7x
Score

10^/10

mystic redline kinza infostealer persistence stealer
- Detect Mystic stealer payload
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

mysticredlinekinzainfostealerpersistencestealer

© 2018-2024

Terms | Privacy