General

  • Target: 75bc651b81daed0a35e1587e59c867610a31cb3e0b8423325e0322739a6fb2b5
  • Size: 1.1MB
  • Sample: 231011-kgmt3abe6s
  • MD5: 4d4ab373da2d7170b2ebb5789fe1b8c5
  • SHA1: a67d00f36345463fb8c2f30596ef601b620f7683
  • SHA256: 75bc651b81daed0a35e1587e59c867610a31cb3e0b8423325e0322739a6fb2b5
  • SHA512: 83f84d41d7de0849d0fdaccca78c384cffa4fb679659dec4c65b285f3d592898ad16d77ef7fbebedf5525cd5a233a4a517363989a2743dbccd564c668ade2242
  • SSDEEP: 24576:nyljaxBG7KCicvm+3Vg9DZcCXKwvbOOtNXM84V519rtf:yljabG7KCflg9DZFvbjtNa59R

Malware Config

Extracted

  • Family: redline
  • Botnet: luate
  • C2: 77.91.124.55:19071

Attributes

  • auth_value: e45cd419aba6c9d372088ffe5629308b

Targets

    • Target: 75bc651b81daed0a35e1587e59c867610a31cb3e0b8423325e0322739a6fb2b5
    • Size: 1.1MB
    • MD5: 4d4ab373da2d7170b2ebb5789fe1b8c5
    • SHA1: a67d00f36345463fb8c2f30596ef601b620f7683
    • SHA256: 75bc651b81daed0a35e1587e59c867610a31cb3e0b8423325e0322739a6fb2b5
    • SHA512: 83f84d41d7de0849d0fdaccca78c384cffa4fb679659dec4c65b285f3d592898ad16d77ef7fbebedf5525cd5a233a4a517363989a2743dbccd564c668ade2242
    • SSDEEP: 24576:nyljaxBG7KCicvm+3Vg9DZcCXKwvbOOtNXM84V519rtf:yljabG7KCflg9DZFvbjtNa59R

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15