General

  • Target

    NEAS.04a87b8f058d7530d2e2d860d9792e27ac4a33a3865644f618340a1614a011aa_JC.exe

  • Size

    1.2MB

  • Sample

    231007-mph7ysag9s

  • MD5

    7b68089b89d04dd24d22a1332d87cf08

  • SHA1

    66d956dadfe8dc098330dc3ec94a6a625c6a0462

  • SHA256

    04a87b8f058d7530d2e2d860d9792e27ac4a33a3865644f618340a1614a011aa

  • SHA512

    0c1e561ae6e3c4111379c19618bc871c9c12b27ea5d2ae50396682e433e8369a97577e1b5f5ee3816fd2f4dfe2d8f749261a19c4cc20d0c517edfb282b45b592

  • SSDEEP

    24576:dyXzrx5oWmhku7V5d2FZ9+p3tthEEovRH3OIspEK:4XJ5oJhR0Ff+t3EEopeIw

Malware Config

Extracted

Family

redline

Botnet

gigant

C2

77.91.124.55:19071

Targets

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
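The extracted config (RedLine, botnet "gigant", C2 77.91.124.55:19071) and the behavioural signatures above are the indicators a responder would turn into a hunt. The script below is an added example, not tria.ge code: it copies the report's hashes and C2 endpoint into a small IOC matcher and runs it over a handful of constructed Sysmon-style key=value events (process creation, Run-key value set, outbound connection). The event lines, the process paths and the benign 203.0.113.10 connection are all made up for the example; only the hashes and the C2 come from the report. It also includes a helper that recomputes the report's hash set over a file's bytes so a sample pulled from elsewhere can be checked against this page before analysis.

```python
import hashlib
import re

# Indicators copied from the tria.ge report above.
REPORT_HASHES = {
    "MD5": "7b68089b89d04dd24d22a1332d87cf08",
    "SHA1": "66d956dadfe8dc098330dc3ec94a6a625c6a0462",
    "SHA256": "04a87b8f058d7530d2e2d860d9792e27ac4a33a3865644f618340a1614a011aa",
    "SHA512": "0c1e561ae6e3c4111379c19618bc871c9c12b27ea5d2ae50396682e433e8369a"
              "97577e1b5f5ee3816fd2f4dfe2d8f749261a19c4cc20d0c517edfb282b45b592",
}
C2_IP, C2_PORT = "77.91.124.55", "19071"

# CONSTRUCTED Sysmon-style events for the example; not from the sandbox run.
# EventID 1 = process create, 13 = registry value set, 3 = network connection.
SAMPLE_EVENTS = [
    r"EventID=1 Image=C:\Users\user\Desktop\NEAS.exe "
    r"Hashes=MD5=7b68089b89d04dd24d22a1332d87cf08,"
    r"SHA256=04a87b8f058d7530d2e2d860d9792e27ac4a33a3865644f618340a1614a011aa",
    r"EventID=13 Image=C:\Users\user\AppData\Roaming\svc.exe "
    r"TargetObject=HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater "
    r"Details=C:\Users\user\AppData\Roaming\svc.exe",
    r"EventID=3 Image=C:\Users\user\AppData\Roaming\svc.exe "
    r"DestinationIp=77.91.124.55 DestinationPort=19071",
    r"EventID=3 Image=C:\Program Files\Mozilla Firefox\firefox.exe "
    r"DestinationIp=203.0.113.10 DestinationPort=443",
]

# key=value fields; values may contain spaces, so a field ends only where the
# next " key=" begins or at end of line.
FIELD_RE = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")
# The "Adds Run key" signature: any value under ...\CurrentVersion\Run or RunOnce.
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)


def parse_event(line):
    """Turn one key=value line into a dict."""
    return {k: v for k, v in FIELD_RE.findall(line)}


def parse_hashes(field):
    """Sysmon 'Hashes' field: 'MD5=...,SHA256=...' -> {'MD5': ..., 'SHA256': ...}."""
    out = {}
    for part in field.split(","):
        if "=" in part:
            algo, digest = part.split("=", 1)
            out[algo.upper()] = digest.lower()
    return out


def match_iocs(lines):
    """Return (rule_name, detail) for every event that matches a report indicator."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        eid = ev.get("EventID")
        if eid == "1":
            seen = parse_hashes(ev.get("Hashes", ""))
            for algo, digest in REPORT_HASHES.items():
                if seen.get(algo) == digest:
                    hits.append(("known_sample_hash", f"{algo}={digest} {ev.get('Image')}"))
                    break
        elif eid == "13" and RUN_KEY_RE.search(ev.get("TargetObject", "")):
            hits.append(("run_key_persistence", f"{ev['TargetObject']} -> {ev.get('Details')}"))
        elif eid == "3" and ev.get("DestinationIp") == C2_IP and ev.get("DestinationPort") == C2_PORT:
            hits.append(("c2_connection", f"{ev.get('Image')} -> {C2_IP}:{C2_PORT}"))
    return hits


def hashes_of(data):
    """Compute the same digest set the report lists, for comparing a local file."""
    return {algo: hashlib.new(algo.lower(), data).hexdigest() for algo in REPORT_HASHES}


def matches_report(data):
    """True only if every digest of `data` equals the report's value."""
    return hashes_of(data) == REPORT_HASHES


if __name__ == "__main__":
    for rule, detail in match_iocs(SAMPLE_EVENTS):
        print(f"{rule}: {detail}")
```

The "Suspicious use of SetThreadContext" signature is an API-hook observation from the sandbox and has no direct equivalent in these log lines; on an endpoint it usually surfaces as process-hollowing telemetry (a suspended child process whose memory is written and whose thread context is replaced) rather than as a single event, so it is deliberately left out of the matcher. Port and IP are compared as strings because that is how they arrive in the log; normalise them first if your source emits integers.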

MITRE ATT&CK Enterprise v15

Tasks