mystic | a6ff6a7ab6362d9ccec1a6426ea922e6a019db52566978b4abbe072ead27de1b | Triage

Sharing

General

Target

a6ff6a7ab6362d9ccec1a6426ea922e6a019db52566978b4abbe072ead27de1b
Size

649KB
Sample

241110-bsm5jawfjm
MD5

f1a296f2fcae06b2454d4d2faeb4ef73
SHA1

4ca48f90f2d1cc5cedb51ee55bff2bd91f11c2e8
SHA256

a6ff6a7ab6362d9ccec1a6426ea922e6a019db52566978b4abbe072ead27de1b
SHA512

acc2b42c58f1209f4e386202678f7b3f206543f0ab972b22e2684d547c88c82589aff145ff83477ad91f692da30832f305d816ad6306d5543ea31cd88be5a084
SSDEEP

12288:fMr5y90jtT1OxsuP2MDT2YrmGdon11pI97Y52W/8+9RGgoVoz1r7FAgD:iymZ6BT22LmnHpI97OM+9QXQlFfD

Score

10^/10

mystic redline virad discovery infostealer persistence stealer

Malware Config

Extracted

Family

redline

Botnet

virad

C2

77.91.124.82:19071

Attributes

auth_value
434dd63619ca8bbf10125913fb40ca28

Targets

- Target
  
  a6ff6a7ab6362d9ccec1a6426ea922e6a019db52566978b4abbe072ead27de1b
- Size
  
  649KB
- MD5
  
  f1a296f2fcae06b2454d4d2faeb4ef73
- SHA1
  
  4ca48f90f2d1cc5cedb51ee55bff2bd91f11c2e8
- SHA256
  
  a6ff6a7ab6362d9ccec1a6426ea922e6a019db52566978b4abbe072ead27de1b
- SHA512
  
  acc2b42c58f1209f4e386202678f7b3f206543f0ab972b22e2684d547c88c82589aff145ff83477ad91f692da30832f305d816ad6306d5543ea31cd88be5a084
- SSDEEP
  
  12288:fMr5y90jtT1OxsuP2MDT2YrmGdon11pI97Y52W/8+9RGgoVoz1r7FAgD:iymZ6BT22LmnHpI97OM+9QXQlFfD
Score

10^/10

mystic redline virad discovery infostealer persistence stealer
- Detect Mystic stealer payload
- Mystic
  Mystic is an infostealer written in C++.
  stealer mystic
- Mystic family
  mystic
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mysticredlineviraddiscoveryinfostealerpersistencestealer