mystic | d7f22b7eebe108f78403cd95501e598191ac75d3ec959f746efec4767e6c2c46 | Triage

Submit
Reports

Overview

overview

Static

static

3

d7f22b7eeb...46.exe

windows10-2004-x64

Sharing

General

Target

d7f22b7eebe108f78403cd95501e598191ac75d3ec959f746efec4767e6c2c46
Size

956KB
Sample

240531-d7z4radh4z
MD5

57b7364686bb815599ac2e803a7186f5
SHA1

0931a586aa2b6e1772006409ecc94d9b46942b77
SHA256

d7f22b7eebe108f78403cd95501e598191ac75d3ec959f746efec4767e6c2c46
SHA512

1bc1d2504c1b0dd3334633b7934477f2fef7d320ac3733b48347cb0715e32ea080332f87ec1aa82ecb7abba02404a43412eab78804e8d2abc64df04c73d69f46
SSDEEP

12288:fMr1y90ELP7G5gWanByhVHtWDCwQ2QkAlJjyAM6c2d4XuNTvaU2NC/tItquzQSGO:Gy3zgWByhzWDw2QkiJndhQC/tri

Score

10^/10

mystic redline tuxiu infostealer persistence stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d7f22b7eebe108f78403cd95501e598191ac75d3ec959f746efec4767e6c2c46.exe

Resource

win10v2004-20240426-en

mystic redline tuxiu infostealer persistence stealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

tuxiu

C2

77.91.124.82:19071

Attributes

auth_value
29610cdad07e7187eec70685a04b89fe

Targets

- Target
  
  d7f22b7eebe108f78403cd95501e598191ac75d3ec959f746efec4767e6c2c46
- Size
  
  956KB
- MD5
  
  57b7364686bb815599ac2e803a7186f5
- SHA1
  
  0931a586aa2b6e1772006409ecc94d9b46942b77
- SHA256
  
  d7f22b7eebe108f78403cd95501e598191ac75d3ec959f746efec4767e6c2c46
- SHA512
  
  1bc1d2504c1b0dd3334633b7934477f2fef7d320ac3733b48347cb0715e32ea080332f87ec1aa82ecb7abba02404a43412eab78804e8d2abc64df04c73d69f46
- SSDEEP
  
  12288:fMr1y90ELP7G5gWanByhVHtWDCwQ2QkAlJjyAM6c2d4XuNTvaU2NC/tItquzQSGO:Gy3zgWByhzWDw2QkiJndhQC/tri
Score

10^/10

mystic redline tuxiu infostealer persistence stealer
- Detect Mystic stealer payload
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Detects executables containing SQL queries to confidential data stores. Observed in infostealers
- Detects executables packed with ConfuserEx Mod
- Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurreny wallets, etc. Observed in information stealers
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mysticredlinetuxiuinfostealerpersistencestealer

© 2018-2025

Terms | Privacy