General

  • Target

    598471c286035cefc0e31d3a3f7626e6842d05497155eba7b1483f8a08862b17

  • Size

    1.6MB

  • Sample

    231004-s2tgcacg6y

  • MD5

    779291f87592584538220c5287542ca0

  • SHA1

    f2e415566f1896f2eb39d0dc80d8d72dcae9ed36

  • SHA256

    598471c286035cefc0e31d3a3f7626e6842d05497155eba7b1483f8a08862b17

  • SHA512

    7a79d2d2b813468470dd2f4c9813f59d8949d11587ad11523212a3d503038cc3c2af56f4cf850e2875fce8f89f30b6ec66a2d0fd68996ce46de3158e9e31421d

  • SSDEEP

    49152:Bplchvxx63aes4b+Yv/bbFugBbpV10wdHmBly:7lchvxxwDXXbbdFV10wU

Malware Config

Extracted

  • Family

    redline

  • Botnet

    gigant

  • C2

    77.91.124.55:19071

Targets

    • Target

      598471c286035cefc0e31d3a3f7626e6842d05497155eba7b1483f8a08862b17

    • Size

      1.6MB

    • MD5

      779291f87592584538220c5287542ca0

    • SHA1

      f2e415566f1896f2eb39d0dc80d8d72dcae9ed36

    • SHA256

      598471c286035cefc0e31d3a3f7626e6842d05497155eba7b1483f8a08862b17

    • SHA512

      7a79d2d2b813468470dd2f4c9813f59d8949d11587ad11523212a3d503038cc3c2af56f4cf850e2875fce8f89f30b6ec66a2d0fd68996ce46de3158e9e31421d

    • SSDEEP

      49152:Bplchvxx63aes4b+Yv/bbFugBbpV10wdHmBly:7lchvxxwDXXbbdFV10wU

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
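The behaviours and the extracted C2 above are what an analyst would turn into detection logic on the host side. The following is an added example, not part of the Triage report: a small matcher that runs the report's indicators (the RedLine C2 77.91.124.55:19071, Run-key persistence, execution of a dropped EXE from a user-writable path, and a process-access heuristic standing in for the SetThreadContext signature) over constructed Sysmon-style events. The event shape, field names and the `GrantedAccess` mask used as a hollowing proxy are assumptions modelled on Sysmon event IDs 1, 3, 10 and 13; the sample events are constructed, not taken from the sandbox run.

```python
"""Match the behaviours and IOCs from the report against Sysmon-style events.

Added example; not code from the Triage report. The C2 address and the
behaviour names come from the report. Everything else (event layout, sample
records, the process-access heuristic) is an assumption for illustration.
"""
import re

# Indicator taken from the report's extracted RedLine config.
C2_HOST = "77.91.124.55"
C2_PORT = 19071

# Run keys abused for persistence ("Adds Run key to start application").
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\",
    re.IGNORECASE,
)

# Sysmon does not log SetThreadContext itself. As a proxy (assumption), flag an
# EventID 10 ProcessAccess whose granted rights include the set needed to write
# a payload into another process and take control of a thread:
# PROCESS_VM_WRITE (0x0020) | PROCESS_VM_OPERATION (0x0008) | PROCESS_CREATE_THREAD (0x0002).
HOLLOWING_ACCESS_BITS = 0x0020 | 0x0008 | 0x0002

# Constructed sample events in a simplified Sysmon-like shape.
SAMPLE_EVENTS = [
    {"EventID": 1,
     "Image": r"C:\Users\victim\AppData\Local\Temp\update.exe",
     "ParentImage": r"C:\Users\victim\Downloads\setup.exe"},
    {"EventID": 13,
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\victim\AppData\Local\Temp\update.exe"},
    {"EventID": 3, "Image": r"C:\Users\victim\AppData\Local\Temp\update.exe",
     "DestinationIp": "77.91.124.55", "DestinationPort": 19071},
    {"EventID": 3, "Image": r"C:\Windows\System32\svchost.exe",
     "DestinationIp": "13.107.42.14", "DestinationPort": 443},
    {"EventID": 10,
     "SourceImage": r"C:\Users\victim\AppData\Local\Temp\update.exe",
     "TargetImage": r"C:\Windows\System32\notepad.exe",
     "GrantedAccess": "0x1F3FFF"},
]


def is_user_writable_path(path: str) -> bool:
    """Heuristic for 'dropped' binaries: executed from a user-writable location."""
    p = path.lower()
    return any(marker in p for marker in
               ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\"))


def match_event(ev: dict) -> list:
    """Return (rule_name, detail) tuples that fire on a single event."""
    hits = []
    eid = ev.get("EventID")

    # Executes dropped EXE: process creation from a user-writable path.
    if eid == 1 and is_user_writable_path(ev.get("Image", "")):
        hits.append(("executes_dropped_exe", ev["Image"]))

    # Adds Run key: registry value set under a Run/RunOnce key.
    if eid == 13 and RUN_KEY_RE.search(ev.get("TargetObject", "")):
        hits.append(("run_key_persistence", ev["TargetObject"]))

    # Network connection to the extracted RedLine C2 (host and port must both match).
    if (eid == 3 and ev.get("DestinationIp") == C2_HOST
            and int(ev.get("DestinationPort", 0)) == C2_PORT):
        hits.append(("redline_c2_connection", f"{C2_HOST}:{C2_PORT}"))

    # Process-access proxy for SetThreadContext-style hollowing from a dropped binary.
    if eid == 10:
        granted = int(ev.get("GrantedAccess", "0"), 16)
        if (granted & HOLLOWING_ACCESS_BITS == HOLLOWING_ACCESS_BITS
                and is_user_writable_path(ev.get("SourceImage", ""))):
            hits.append(("process_access_for_hollowing", ev.get("TargetImage", "")))

    return hits


def scan(events: list) -> list:
    """Run every event through the rules and collect all findings in order."""
    findings = []
    for ev in events:
        findings.extend(match_event(ev))
    return findings


if __name__ == "__main__":
    for rule, detail in scan(SAMPLE_EVENTS):
        print(f"{rule:32s} {detail}")
```

The C2 rule deliberately requires both host and port, since the same address on another port is a weaker signal; the Run-key and dropped-EXE rules are generic and will fire on benign software too, so in practice they are used as enrichment for the C2 hit rather than as stand-alone alerts.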

MITRE ATT&CK Enterprise v15

Tasks