General

  • Target: NEAS.198e731935d5a9c0b26797118791b53fd76ddd1a38302cf739ad3a57f0c6b2e9_JC.exe
  • Size: 1.2MB
  • Sample: 231007-myyzrsdd34
  • MD5: 3e687a14033b8ba0968ce86c415abe8e
  • SHA1: c5483168957df8fb20c9587148553c01953dd750
  • SHA256: 198e731935d5a9c0b26797118791b53fd76ddd1a38302cf739ad3a57f0c6b2e9
  • SHA512: b60bec6ef664945bcdef20dde1a5904e5895abdb5fb91fcd19a68dc401ae43a53f9bbd67e7b56b1966d21e19cd22ebd4633c6ba200f2de81d5c4037478b4068f
  • SSDEEP: 24576:UyjbRWpNSrTSgvWiRfSWA4gskS7cY7K0PxljuzTg5ST:jjbRBXZvWiVSGgsgalPxJP

Malware Config

Extracted

  • Family: redline
  • Botnet: gigant
  • C2: 77.91.124.55:19071

Targets

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext