General

  • Target

    6f409be2ce6f2984ec0ef230bb1423e6b2080a44f470ddd19df491edf23656ba

  • Size

    928KB

  • Sample

    231011-fp1nnsba3x

  • MD5

    3b0702d6a6ef1940e5c745a3cd6a9a41

  • SHA1

    3b7ecc2c01ead9014d827c368fc197059a0e3200

  • SHA256

    6f409be2ce6f2984ec0ef230bb1423e6b2080a44f470ddd19df491edf23656ba

  • SHA512

    80ae9454fd2bb945daa256dbd29571c528f068a23c9475e3a2ef6c0bcce8522f5caa48bff633905f3cf91bd71c85d7af5449c0a023bb69d7566bb2b88b45f76a

  • SSDEEP

    12288:rMrey90rAt8kShe4IudlvYsyoiip6vR/3aaxGk4+/9U4lIxBsx4ShHZ+XV5Eq8qv:JycdVZo5/ddfuBpSHwV5E5emBQX

Malware Config

Extracted

  • Family

    redline

  • Botnet

    luska

  • C2

    77.91.124.55:19071

  • Attributes
    • auth_value

      a6797888f51a88afbfd8854a79ac9357

Targets

    • Target

      6f409be2ce6f2984ec0ef230bb1423e6b2080a44f470ddd19df491edf23656ba

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
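The four behavioural signatures above, together with the C2 from the extracted config, are what an analyst would want to re-check on a real host. The block below is an added example, not Triage's own signature logic and not output from this sandbox run: it runs heuristic versions of those signatures over constructed Sysmon-style events (event IDs 1 process create, 3 network connect, 7 image load, 10 process access, 11 file create, 13 registry value set). The file names, pids and the 0x1fffff access mask are assumptions chosen to trigger each rule; the C2 address and port are the ones listed on this page.

```python
# Added example: heuristic detections for the report's behavioural signatures
# and extracted C2, run over constructed Sysmon-style events. Not Triage's
# signature code and not telemetry captured from the sandbox.
from typing import Dict, List

REDLINE_C2 = ("77.91.124.55", 19071)          # from the extracted config above
RUN_KEY = "\\CurrentVersion\\Run\\"            # Run-key persistence location

# Win32 process access rights. Writing another process's memory and suspending
# or resuming its threads is the access a SetThreadContext-based injection
# (e.g. hollowing a freshly spawned child) needs; this is a heuristic proxy,
# since Sysmon does not log SetThreadContext itself.
PROCESS_VM_WRITE = 0x0020
PROCESS_SUSPEND_RESUME = 0x0800

# Constructed telemetry (key=value tokens, paths without spaces). Names and
# pids are assumptions, not data from the sandbox run.
SAMPLE_EVENTS = [
    "id=1 pid=1200 ppid=900 image=C:\\Users\\u\\Downloads\\sample.exe",
    "id=11 pid=1200 target=C:\\Users\\u\\AppData\\Local\\Temp\\drop.exe",
    "id=11 pid=1200 target=C:\\Users\\u\\AppData\\Local\\Temp\\helper.dll",
    "id=1 pid=1344 ppid=1200 image=C:\\Users\\u\\AppData\\Local\\Temp\\drop.exe",
    "id=7 pid=1344 loaded=C:\\Users\\u\\AppData\\Local\\Temp\\helper.dll",
    "id=13 pid=1344 key=HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\drop",
    "id=1 pid=1400 ppid=1344 image=C:\\Users\\u\\AppData\\Local\\Temp\\host.exe",
    "id=10 pid=1344 target_pid=1400 access=0x1fffff",
    "id=3 pid=1400 dst=77.91.124.55 dport=19071",
]


def parse(line: str) -> Dict[str, str]:
    """Parse one 'key=value key=value ...' event line into a dict."""
    return dict(tok.split("=", 1) for tok in line.split())


def detect(lines: List[str]) -> List[str]:
    """Return one finding string per signature hit, in event order."""
    findings: List[str] = []
    dropped: Dict[str, str] = {}    # lower-cased path -> pid that wrote it
    parent_of: Dict[str, str] = {}  # pid -> ppid seen at process creation
    needed = PROCESS_VM_WRITE | PROCESS_SUSPEND_RESUME

    for e in map(parse, lines):
        eid = e["id"]
        if eid == "11" and e["target"].lower().endswith((".exe", ".dll")):
            dropped[e["target"].lower()] = e["pid"]
        elif eid == "1":
            parent_of[e["pid"]] = e.get("ppid", "")
            writer = dropped.get(e["image"].lower())
            if writer is not None:
                findings.append(
                    f"Executes dropped EXE: pid {e['pid']} ran {e['image']} "
                    f"written by pid {writer}")
        elif eid == "7" and e["loaded"].lower() in dropped:
            findings.append(
                f"Loads dropped DLL: pid {e['pid']} loaded {e['loaded']}")
        elif eid == "13" and RUN_KEY.lower() in e["key"].lower():
            findings.append(f"Adds Run key: pid {e['pid']} set {e['key']}")
        elif eid == "10":
            access = int(e["access"], 16)
            # A parent opening its own child with write+suspend rights is the
            # shape of hollowing/SetThreadContext injection (heuristic).
            if parent_of.get(e["target_pid"]) == e["pid"] and access & needed == needed:
                findings.append(
                    f"Suspicious use of SetThreadContext (heuristic): pid "
                    f"{e['pid']} opened child {e['target_pid']} with "
                    f"access {e['access']}")
        elif eid == "3" and (e["dst"], int(e["dport"])) == REDLINE_C2:
            findings.append(
                f"RedLine C2 contact: pid {e['pid']} -> {e['dst']}:{e['dport']}")
    return findings


if __name__ == "__main__":
    for finding in detect(SAMPLE_EVENTS):
        print(finding)
```

Each rule is deliberately stateful: "executes dropped EXE" only fires when the process image was earlier written by another process in the same trace, and the SetThreadContext heuristic only fires when the accessing process is the target's parent, which keeps ordinary debuggers and AV scanners from matching on the access mask alone. The C2 match is the one exact indicator; the rest are behaviours and will need tuning on real endpoints.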
