General

  • Target

    6236cf44c07338a74ded96c336ea4ace6ae82d27b8796bc6a046bbd4c2a5f7e7

  • Size

    929KB

  • Sample

    231011-gmtm1sfd27

  • MD5

    120a44c174787e2468251b13ab4bdfb9

  • SHA1

    a19b8b24353513645712f6d8a863d4a87fdc70be

  • SHA256

    6236cf44c07338a74ded96c336ea4ace6ae82d27b8796bc6a046bbd4c2a5f7e7

  • SHA512

    036ff4f9003bc145fe8ed7336445bc61bbe6b2916851d0264adadba9f733649a774b8465b8b09fea59a6210f7388aa026a6b59b4d38ace9507cb221a15a463f7

  • SSDEEP

    24576:ZyiBy1sjD7ZfxQZ99PazLhvZD1J9U3q2i:MkyGXJxQZrPazFd1JO3V

Malware Config

Extracted

Family

redline

Botnet

luska

C2

77.91.124.55:19071

Attributes

  • auth_value

    a6797888f51a88afbfd8854a79ac9357

Targets

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15