General

  • Target

    fea83d0257e158a68f352194a75f8ff5bf350e77f045b2b734698f490b12c827

  • Size

    928KB

  • Sample

    231010-17jhbsha37

  • MD5

    ccdb878d630fde0f0dd9f2b394605f3d

  • SHA1

    c73f01d4a171fb9b46b0d8a059551c71d13c355d

  • SHA256

    fea83d0257e158a68f352194a75f8ff5bf350e77f045b2b734698f490b12c827

  • SHA512

    471f05d8b31a4f1dd892e00657b2fc90ffdfc8798bf55449e5919503a119be51f7b7b3b1017cfdd3d0aac411a52c436266d135d176922d080b3d2c91f8d4093b

  • SSDEEP

    24576:ry/e658JE7Z178dF7TNDPJm9hKoKoOF9QXE4lhbKV8:e/e6FH8xk9hKZuXEs

Malware Config

Extracted

  • Family

    mystic

  • C2

    http://5.42.92.211/loghub/master

Extracted

  • Family

    redline

  • Botnet

    luska

  • C2

    77.91.124.55:19071

  • Attributes

    auth_value: a6797888f51a88afbfd8854a79ac9357

Targets

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks