General

  • Target

    14bc88936f16cc3e89403e71e28caa14e9adba4e0517f45c253bee216bce57e4

  • Size

    927KB

  • Sample

    231011-g3tyqagg25

  • MD5

    29e8556f9a3b0da65e69a749bc7ba9f1

  • SHA1

    7a7d5b374792a76c0a445f2cf903dd839989ebdc

  • SHA256

    14bc88936f16cc3e89403e71e28caa14e9adba4e0517f45c253bee216bce57e4

  • SHA512

    691bea750d217024bd5810d8491d112f3b6dbe020220e120ccf35a451448c2f2ea74d0c519b284bd513f7f591c3f6f7fca54e207bf5b45d7c6e36acc03ce32bb

  • SSDEEP

    12288:2MrOy903S/L8GGyFLkiHWkhgUd6ghP5diqPZhW18dGLMDJHV09mdeRvgeuHh:cyCSD8GGyFgEGzYzZhP4MDJ69vR8Hh

Malware Config

Extracted

  • Family

    mystic

  • C2

    http://5.42.92.211/loghub/master

Extracted

  • Family

    redline

  • Botnet

    luska

  • C2

    77.91.124.55:19071

  • Attributes

    auth_value: a6797888f51a88afbfd8854a79ac9357

Targets

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext