General

  • Target

    5ac7bc0bc73f03830c3c43233639adffa9e6c2c9087a7dd53cd993baf839a124

  • Size

    378KB

  • Sample

    231006-nnhqgada59

  • MD5

    735a32d09b8f077de5375d42181bad67

  • SHA1

    f997a9a2a7a42f598b6c815b13daf5c666682c7b

  • SHA256

    5ac7bc0bc73f03830c3c43233639adffa9e6c2c9087a7dd53cd993baf839a124

  • SHA512

    46004f8e82efde6a754a43e26250a50401ab423b5dc6cf568173d15dd0b8b6c6e03272d92d197d3af0fc8c1ffb661af93ed44cf79fa4dd5a1d12c675ae2441d9

  • SSDEEP

    6144:P4eSR92pCryG4kfjSGwEi56AOnGuwIqZ481HGnJSSqQ08Cf+7iETVmo0D:P4ea2wryNSM9IqZF8SSv08CG7iETVm9D

Score
10/10

Malware Config

Extracted

Family

mystic

C2

http://5.42.92.211/loghub/master

Targets

    Score
    10/10
    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

    • Suspicious use of SetThreadContext
