General

  • Target: 19f6c3c2a3ef47c00d7ed7b6fdbcad3d4697755f747daf56384adf39ade0b8af_JC.exe
  • Size: 1.6MB
  • Sample: 231005-tsxyvaed98
  • MD5: 4394688b530b0877db9bb4dcefc8140a
  • SHA1: f4dc549c339540d793c2e6fb9cdabd3905f757ea
  • SHA256: 19f6c3c2a3ef47c00d7ed7b6fdbcad3d4697755f747daf56384adf39ade0b8af
  • SHA512: 9d08f223ab748689d83da3f82ed42a50c5b28433c6797bef633f9139db8d6371e2e9f26685e64a68c091922c68bcc6e7f8ec22212907e400a183cc815bceaaa5
  • SSDEEP: 49152:mF1BiGjRHglYmqdOisVhOOQ3gci462IpJOhok:u1Biq+HqdBsV4Au9UJHk

Malware Config

Extracted

  • Family: redline
  • Botnet: gigant
  • C2: 77.91.124.55:19071

Targets

    • Target: 19f6c3c2a3ef47c00d7ed7b6fdbcad3d4697755f747daf56384adf39ade0b8af_JC.exe

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks