General

  • Target

    e8bf7b5c22a787af15a42638894b8f1eccc3320134f42f09939f4932df0cc796

  • Size

    1.2MB

  • Sample

    231006-1wnmxaad68

  • MD5

    ed974ae3de86c69a6f5c807463948ccb

  • SHA1

    769f8bd5816eed350070769627d06525f76f12f8

  • SHA256

    e8bf7b5c22a787af15a42638894b8f1eccc3320134f42f09939f4932df0cc796

  • SHA512

    36e359c4e8003aa0cb67c86c9726672746d9f8183e8dc02a8d66f6c3368a9d395c04e381c5d1c2c51bdc6f7264dfb29e6736513c1538717218e2c4eef37a5708

  • SSDEEP

    24576:fyeUyRGbDVQC1PTwuV1ceIL7iVJp81sv7xl5of92:qouCCtTwuV1e7ibplCf

Malware Config

Extracted

  • Family: redline

  • Botnet: gigant

  • C2: 77.91.124.55:19071

Targets

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
