General
Target: 6f409be2ce6f2984ec0ef230bb1423e6b2080a44f470ddd19df491edf23656ba
Size: 928KB
Sample: 231011-fp1nnsba3x
MD5: 3b0702d6a6ef1940e5c745a3cd6a9a41
SHA1: 3b7ecc2c01ead9014d827c368fc197059a0e3200
SHA256: 6f409be2ce6f2984ec0ef230bb1423e6b2080a44f470ddd19df491edf23656ba
SHA512: 80ae9454fd2bb945daa256dbd29571c528f068a23c9475e3a2ef6c0bcce8522f5caa48bff633905f3cf91bd71c85d7af5449c0a023bb69d7566bb2b88b45f76a
SSDEEP: 12288:rMrey90rAt8kShe4IudlvYsyoiip6vR/3aaxGk4+/9U4lIxBsx4ShHZ+XV5Eq8qv:JycdVZo5/ddfuBpSHwV5E5emBQX
Static task
static1

Behavioral task
behavioral1
Sample: 6f409be2ce6f2984ec0ef230bb1423e6b2080a44f470ddd19df491edf23656ba.exe
Resource: win7-20230831-en

Behavioral task
behavioral2
Sample: 6f409be2ce6f2984ec0ef230bb1423e6b2080a44f470ddd19df491edf23656ba.exe
Resource: win10v2004-20230915-en
Malware Config
Extracted
Family: redline
Botnet: luska
C2: 77.91.124.55:19071
auth_value: a6797888f51a88afbfd8854a79ac9357
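The hashes listed under General and the C2 endpoint extracted above are the indicators a responder would actually pivot on. The following is an added example (not tria.ge's code and not part of the report) that verifies a file against the report's digests, sweeps connection records for traffic to the extracted C2 and emits a Suricata rule for it. The connection log lines are constructed for illustration; the `sid` is a placeholder in the local range.

```python
"""IOC triage helpers built from the hashes and the extracted RedLine config.

Added example. Only REPORT_HASHES, C2_HOST and C2_PORT come from the report;
SAMPLE_CONN_LOG is constructed and the Suricata sid is a placeholder.
"""
import hashlib
import re

# Digests copied from the General section of the report.
REPORT_HASHES = {
    "md5": "3b0702d6a6ef1940e5c745a3cd6a9a41",
    "sha1": "3b7ecc2c01ead9014d827c368fc197059a0e3200",
    "sha256": "6f409be2ce6f2984ec0ef230bb1423e6b2080a44f470ddd19df491edf23656ba",
    "sha512": "80ae9454fd2bb945daa256dbd29571c528f068a23c9475e3a2ef6c0bcce8522f5caa48bff633905f3cf91bd71c85d7af5449c0a023bb69d7566bb2b88b45f76a",
}
# C2 endpoint from the extracted config.
C2_HOST = "77.91.124.55"
C2_PORT = 19071


def hash_bytes(data: bytes) -> dict:
    """Compute the four digests the report lists, as lowercase hex."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def matches_report(data: bytes) -> bool:
    """True only if every digest agrees with the report. SHA-256 alone would
    identify the file; comparing all four also catches a mis-copied hash in
    a downstream IOC list."""
    digests = hash_bytes(data)
    return all(digests[k] == v for k, v in REPORT_HASHES.items())


# One record per line: "<timestamp> <src>:<sport> -> <dst>:<dport> <proto>"
CONN_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d+)\s+(?P<proto>\w+)"
)

# Constructed connection records (not from the sandbox run).
SAMPLE_CONN_LOG = """\
2023-10-11T12:00:01Z 10.0.0.5:51234 -> 77.91.124.55:19071 tcp
2023-10-11T12:00:03Z 10.0.0.5:51240 -> 142.250.74.46:443 tcp
2023-10-11T12:01:10Z 10.0.0.9:60211 -> 77.91.124.55:80 tcp
2023-10-11T12:02:00Z 10.0.0.5:51301 -> 77.91.124.55:19071 tcp
malformed line that should be skipped
"""


def find_c2_hits(conn_log: str) -> list:
    """Return (timestamp, src, verdict) for every record to the C2 host.

    'exact' means host and port from the extracted config; 'host-only' means
    the same host on another port, still worth a look because operators
    often keep the server and change the port between builds.
    """
    hits = []
    for line in conn_log.splitlines():
        m = CONN_RE.match(line)
        if not m:
            continue  # tolerate junk rather than abort the whole sweep
        if m["dst"] != C2_HOST:
            continue
        verdict = "exact" if int(m["dport"]) == C2_PORT else "host-only"
        hits.append((m["ts"], m["src"], verdict))
    return hits


def suricata_rule(sid: int = 1000001) -> str:
    """Emit a Suricata rule for the extracted C2 endpoint. The sid is a
    placeholder in the local range; allocate one from your own ruleset."""
    return (
        f"alert tcp $HOME_NET any -> {C2_HOST} {C2_PORT} "
        f'(msg:"RedLine C2 luska {C2_HOST}:{C2_PORT}"; flow:to_server; '
        f"classtype:trojan-activity; sid:{sid}; rev:1;)"
    )


if __name__ == "__main__":
    for hit in find_c2_hits(SAMPLE_CONN_LOG):
        print(hit)
    print(suricata_rule())
```

Matching on the host as well as the exact host:port is deliberate: a single RedLine C2 server frequently fronts several builds, so an "exact" hit confirms this configuration while a "host-only" hit still indicates contact with the same infrastructure.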
Targets
Target: 6f409be2ce6f2984ec0ef230bb1423e6b2080a44f470ddd19df491edf23656ba
Score: 10/10
- Detect Mystic stealer payload
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application (persistence through a value under a CurrentVersion\Run registry key)
- Suspicious use of SetThreadContext (typical of process hollowing: the thread context of a suspended process is rewritten so that it resumes at injected code)
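The behavioural signatures above describe what the sandbox saw at API level. The following is an added example (not tria.ge's signature logic and not data from this run) that expresses three of them as checks over endpoint telemetry: a file counts as "dropped" once a process in the run creates it, and a later execution or load of that path, or a Run-key value pointing at it, is what triggers the finding. SAMPLE_EVENTS are constructed Sysmon-style records; the paths, SID and key names in them are invented.

```python
"""Map the behavioural signatures onto Sysmon-style endpoint telemetry.

Added example, not tria.ge's own logic. SAMPLE_EVENTS are constructed records
(EventID 11 FileCreate, 1 ProcessCreate, 7 ImageLoad, 13 RegistryEvent
SetValue); nothing in them comes from the sandbox run.
"""
import re

# Any value written under a CurrentVersion\Run key (HKLM or any HKU hive).
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run\\", re.IGNORECASE)
# Locations an unprivileged user (and therefore a stealer) can write to.
USER_WRITABLE_RE = re.compile(
    r"\\(AppData|Temp|ProgramData|Users\\Public|Downloads)\\", re.IGNORECASE
)


def image_from_command(cmd: str) -> str:
    """Pull the executable path out of a Run-key value. Handles a quoted
    path followed by arguments and an unquoted path without spaces."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def analyse(events: list) -> list:
    """Replay events in order and return findings as dicts.

    A path is 'dropped' once EventID 11 shows a process in the run creating
    it. Executing (EventID 1) or loading (EventID 7) a dropped path yields
    the 'dropped EXE/DLL' findings. Every Run-key write is reported, rated
    high when it points at a dropped file or a user-writable directory.
    """
    dropped = set()
    findings = []
    for ev in events:
        eid = ev["EventID"]
        if eid == 11:
            dropped.add(ev["TargetFilename"].lower())
        elif eid == 1 and ev["Image"].lower() in dropped:
            findings.append({"rule": "Executes dropped EXE",
                             "detail": ev["Image"], "severity": "medium"})
        elif eid == 7 and ev["ImageLoaded"].lower() in dropped:
            findings.append({"rule": "Loads dropped DLL",
                             "detail": ev["ImageLoaded"], "severity": "medium"})
        elif eid == 13 and RUN_KEY_RE.search(ev["TargetObject"]):
            target = image_from_command(ev["Details"])
            risky = target.lower() in dropped or bool(USER_WRITABLE_RE.search(target))
            findings.append({"rule": "Adds Run key to start application",
                             "detail": f"{ev['TargetObject']} -> {target}",
                             "severity": "high" if risky else "info"})
    return findings


# Constructed telemetry: a sample drops and runs a second stage, which drops
# and loads a DLL and persists itself; a legitimate agent also adds a Run key.
SAMPLE_EVENTS = [
    {"EventID": 11, "Image": r"C:\Users\victim\Desktop\sample.exe",
     "TargetFilename": r"C:\Users\victim\AppData\Local\Temp\stage2.exe"},
    {"EventID": 1, "Image": r"C:\Users\victim\AppData\Local\Temp\stage2.exe",
     "ParentImage": r"C:\Users\victim\Desktop\sample.exe"},
    {"EventID": 1, "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Users\victim\AppData\Local\Temp\stage2.exe"},
    {"EventID": 11, "Image": r"C:\Users\victim\AppData\Local\Temp\stage2.exe",
     "TargetFilename": r"C:\Users\victim\AppData\Local\Temp\helper.dll"},
    {"EventID": 7, "Image": r"C:\Users\victim\AppData\Local\Temp\stage2.exe",
     "ImageLoaded": r"C:\Users\victim\AppData\Local\Temp\helper.dll"},
    {"EventID": 13, "Image": r"C:\Users\victim\AppData\Local\Temp\stage2.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\updater",
     "Details": r'"C:\Users\victim\AppData\Local\Temp\stage2.exe" --quiet'},
    {"EventID": 13, "Image": r"C:\Program Files\Vendor\agent.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorAgent",
     "Details": r'"C:\Program Files\Vendor\agent.exe"'},
]


if __name__ == "__main__":
    for f in analyse(SAMPLE_EVENTS):
        print(f"[{f['severity']}] {f['rule']}: {f['detail']}")
```

The SetThreadContext signature is not modelled here because the call itself is an API-level observation the sandbox makes; in Sysmon telemetry the nearest proxy is an EventID 10 ProcessAccess record with memory-write rights against a process the same image just created, which needs parent/child correlation beyond this example.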