General

  • Target

    926e1544f880ad87d377422e95ab3e5df6088ba2bc98f311f8c985fab5da600a

  • Size

    851KB

  • Sample

    231010-1ndgzafe53

  • MD5

    9dbcef9cf528357b319703d966bb5bf5

  • SHA1

    f034496c250ef9e3a4ba819c725250b0eb0b213b

  • SHA256

    926e1544f880ad87d377422e95ab3e5df6088ba2bc98f311f8c985fab5da600a

  • SHA512

    002e925c0bdf6d0f8817b7d28c20e6d0f9080273c5c85b5ccf7cf2bd7aec4b979648cbefec07ba070337744b6ec511a9bed7b89933031672689c1d1e6172688e

  • SSDEEP

    12288:tMrBy90WvqMN3s1jCSO+/JT+ZOrOsb/zaHSL/3RpSXjVvdqxycjW0g9OV4UWuK8:kym6SjY+Bkux7z3j3TS3Cy2g+fWT8

Malware Config

Extracted

Family

mystic

C2

http://5.42.92.211/loghub/master

Extracted

Family

redline

Botnet

luska

C2

77.91.124.55:19071

Attributes
  • auth_value

    a6797888f51a88afbfd8854a79ac9357
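The two extracted configs above give concrete network indicators: Mystic beacons to a full URL, RedLine to a bare host:port. The script below is an added example (not part of the Triage report) that turns both into a host-indexed IOC set and hunts for them in proxy and firewall logs, grading each hit by how closely it matches the config. The log lines are constructed for illustration; the log formats assumed are Squid's native access.log and iptables/ufw kernel lines.

```python
"""Hunt for the C2 endpoints from the extracted Mystic and RedLine configs above.
Added example, not part of the Triage report; the log lines are constructed."""
import re
from urllib.parse import urlsplit

# C2 values copied from the "Malware Config" section of this report.
EXTRACTED_CONFIGS = [
    {"family": "mystic", "c2": ["http://5.42.92.211/loghub/master"]},
    {"family": "redline", "botnet": "luska", "c2": ["77.91.124.55:19071"],
     "auth_value": "a6797888f51a88afbfd8854a79ac9357"},
]

URL_RE = re.compile(r"https?://[^\s\"']+")
# iptables/ufw style kernel line: SRC=... DST=... DPT=...
FW_RE = re.compile(r"SRC=(\S+).*?DST=(\S+).*?DPT=(\d+)")
# Squid native access.log: "<ts> <elapsed> <client> <code> <bytes> <method> <url> ..."
SQUID_CLIENT_RE = re.compile(r"^\S+\s+\d+\s+(\S+)\s")


def normalise_c2(c2):
    """Split a config C2 value (full URL or bare host:port) into (host, port, path)."""
    if "://" in c2:
        u = urlsplit(c2)
        return u.hostname, u.port or (443 if u.scheme == "https" else 80), u.path or "/"
    host, _, port = c2.rpartition(":")
    return host, int(port), None


def build_iocs(configs):
    """Index every C2 by host so a hit can be attributed to a family/botnet."""
    iocs = {}
    for cfg in configs:
        for c2 in cfg["c2"]:
            host, port, path = normalise_c2(c2)
            iocs[host] = {"family": cfg["family"], "botnet": cfg.get("botnet"),
                          "port": port, "path": path}
    return iocs


def hunt(lines, iocs):
    """Return one hit per log line whose destination is a known C2 host.

    strength: 'c2_url' = full URL match, 'host_port' = host and port match,
    'host_only' = same host on another port (infrastructure reuse, weaker)."""
    hits = []
    for line in lines:
        m = URL_RE.search(line)
        if m:
            host, port, path = normalise_c2(m.group(0))
            cm = SQUID_CLIENT_RE.match(line)
            src = cm.group(1) if cm else "?"
        else:
            m = FW_RE.search(line)
            if not m:
                continue
            src, host, port, path = m.group(1), m.group(2), int(m.group(3)), None
        ioc = iocs.get(host)
        if ioc is None:
            continue
        if path is not None and port == ioc["port"] and path == ioc["path"]:
            strength = "c2_url"
        elif port == ioc["port"]:
            strength = "host_port"
        else:
            strength = "host_only"
        hits.append({"src": src, "dst": "%s:%d" % (host, port), "family": ioc["family"],
                     "botnet": ioc["botnet"], "strength": strength})
    return hits


# Constructed sample logs: two lines reach the report's C2s, two are benign.
SAMPLE_LOGS = [
    "1696955000.123 245 10.0.0.17 TCP_MISS/200 812 GET http://5.42.92.211/loghub/master - HIER_DIRECT/5.42.92.211 text/html",
    "Oct 10 16:23:41 fw1 kernel: ACCEPT IN=eth1 OUT=eth0 SRC=10.0.0.17 DST=77.91.124.55 PROTO=TCP SPT=51342 DPT=19071",
    "Oct 10 16:24:02 fw1 kernel: ACCEPT IN=eth1 OUT=eth0 SRC=10.0.0.23 DST=93.184.216.34 PROTO=TCP SPT=51399 DPT=443",
    "1696955100.456 120 10.0.0.23 TCP_MISS/200 512 GET http://example.com/ - HIER_DIRECT/93.184.216.34 text/html",
]

if __name__ == "__main__":
    for hit in hunt(SAMPLE_LOGS, build_iocs(EXTRACTED_CONFIGS)):
        print(hit)
```

A 'host_only' hit is worth keeping rather than dropping: stealer operators rotate ports on the same VPS far more often than they rotate IPs, so a connection to 5.42.92.211 on a port other than 80 still deserves a look even though it is not a config-exact match.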

Targets

    • Target

      926e1544f880ad87d377422e95ab3e5df6088ba2bc98f311f8c985fab5da600a

    • Size

      851KB

    • MD5

      9dbcef9cf528357b319703d966bb5bf5

    • SHA1

      f034496c250ef9e3a4ba819c725250b0eb0b213b

    • SHA256

      926e1544f880ad87d377422e95ab3e5df6088ba2bc98f311f8c985fab5da600a

    • SHA512

      002e925c0bdf6d0f8817b7d28c20e6d0f9080273c5c85b5ccf7cf2bd7aec4b979648cbefec07ba070337744b6ec511a9bed7b89933031672689c1d1e6172688e

    • SSDEEP

      12288:tMrBy90WvqMN3s1jCSO+/JT+ZOrOsb/zaHSL/3RpSXjVvdqxycjW0g9OV4UWuK8:kym6SjY+Bkux7z3j3TS3Cy2g+fWT8

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
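The four behavioural signatures above (executes dropped EXE, loads dropped DLL, adds Run key, suspicious use of SetThreadContext) map onto host telemetry that most estates already collect. The script below is an added example, not part of the Triage report, showing how to correlate Sysmon-style events into the same verdicts on an endpoint. One caveat the sandbox hides: Sysmon has no event for SetThreadContext itself, so the closest host-side proxy is an Event 10 ProcessAccess whose GrantedAccess includes the VM_OPERATION and VM_WRITE rights a hollowing loader needs before it can rewrite a suspended child and redirect its thread. The events and the drop-directory list are constructed assumptions.

```python
"""Correlate Sysmon-style events for the behaviours flagged above: a dropped EXE
being executed, a dropped DLL being loaded, a Run key being added, and a process
handle opened with the rights hollowing via SetThreadContext needs.
Added example, not part of the Triage report; the events are constructed."""
import re
from collections import defaultdict

# Assumption: user-writable drop locations worth flagging; tune for your estate.
DROP_DIR_RE = re.compile(r"\\(AppData\\Local\\Temp|AppData\\Roaming|ProgramData|Users\\Public)\\", re.I)
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.I)
# Sysmon has no event for SetThreadContext itself; a hollowing loader must first
# open the target process with at least these rights (Event 10 GrantedAccess).
PROCESS_VM_OPERATION = 0x0008
PROCESS_VM_WRITE = 0x0020
WRITE_RIGHTS = PROCESS_VM_OPERATION | PROCESS_VM_WRITE

# Constructed Sysmon-like events. EventID 1 = process create, 7 = image load,
# 13 = registry value set, 10 = process access. ProcessGuid links them.
EVENTS = [
    {"EventID": 1, "ProcessGuid": "{A1}", "Image": r"C:\Users\bob\AppData\Local\Temp\IXP000.TMP\x1.exe",
     "ParentImage": r"C:\Users\bob\Downloads\setup.exe"},
    {"EventID": 7, "ProcessGuid": "{A1}", "ImageLoaded": r"C:\Users\bob\AppData\Local\Temp\IXP000.TMP\helper.dll"},
    {"EventID": 13, "ProcessGuid": "{A1}",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\x1",
     "Details": r"C:\Users\bob\AppData\Local\Temp\IXP000.TMP\x1.exe"},
    {"EventID": 10, "SourceProcessGuid": "{A1}", "TargetImage": r"C:\Windows\SysWOW64\cmd.exe",
     "GrantedAccess": "0x1FFFFF"},
    {"EventID": 1, "ProcessGuid": "{B2}", "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 7, "ProcessGuid": "{B2}", "ImageLoaded": r"C:\Windows\System32\ntdll.dll"},
    {"EventID": 10, "SourceProcessGuid": "{B2}", "TargetImage": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "GrantedAccess": "0x1000"},
]


def classify(event):
    """Return the signature name an event satisfies, or None."""
    eid = event["EventID"]
    if eid == 1 and DROP_DIR_RE.search(event["Image"]):
        return "executes dropped EXE"
    if eid == 7 and DROP_DIR_RE.search(event["ImageLoaded"]):
        return "loads dropped DLL"
    if eid == 13 and RUN_KEY_RE.search(event["TargetObject"]):
        return "adds Run key"
    if eid == 10 and int(event["GrantedAccess"], 16) & WRITE_RIGHTS == WRITE_RIGHTS:
        return "opens process with VM write rights"
    return None


def correlate(events, min_signatures=2):
    """Group signature hits by process and keep processes that trip several.

    Any single signature fires on benign software (installers add Run keys,
    updaters load DLLs from Temp); requiring two or more cuts that noise."""
    per_process = defaultdict(set)
    for e in events:
        sig = classify(e)
        if sig:
            per_process[e.get("ProcessGuid") or e["SourceProcessGuid"]].add(sig)
    return {guid: sorted(sigs) for guid, sigs in per_process.items() if len(sigs) >= min_signatures}


if __name__ == "__main__":
    for guid, sigs in correlate(EVENTS).items():
        print(guid, sigs)
```

Event 10 is noisy by default; in a real deployment scope the Sysmon config so that ProcessAccess is only logged for GrantedAccess masks that include the write rights above, otherwise antivirus and browser sandboxes will dominate the feed.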
