General

  • Target

    75bc651b81daed0a35e1587e59c867610a31cb3e0b8423325e0322739a6fb2b5

  • Size

    1.1MB

  • Sample

    231011-kgmt3abe6s

  • MD5

    4d4ab373da2d7170b2ebb5789fe1b8c5

  • SHA1

    a67d00f36345463fb8c2f30596ef601b620f7683

  • SHA256

    75bc651b81daed0a35e1587e59c867610a31cb3e0b8423325e0322739a6fb2b5

  • SHA512

    83f84d41d7de0849d0fdaccca78c384cffa4fb679659dec4c65b285f3d592898ad16d77ef7fbebedf5525cd5a233a4a517363989a2743dbccd564c668ade2242

  • SSDEEP

    24576:nyljaxBG7KCicvm+3Vg9DZcCXKwvbOOtNXM84V519rtf:yljabG7KCflg9DZFvbjtNa59R

Malware Config

Extracted

Family

redline

Botnet

luate

C2

77.91.124.55:19071

Attributes
  • auth_value

    e45cd419aba6c9d372088ffe5629308b
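The extracted configuration above is the actionable part of this report: the C2 endpoint and the sample hash can be turned into indicators and matched against telemetry. The following is an added example (not tria.ge code): it takes the values from this page, builds an IOC set, matches it against constructed connection and file-inventory records, and emits a Suricata rule per C2 endpoint. The record formats, host names, and the `sid` range are assumptions.

```python
"""Build an IOC set from the RedLine config in this report and match it.

Added example; not tria.ge code. Record formats and hostnames are constructed.
"""
import ipaddress
import json
from dataclasses import dataclass

# Values copied from the Malware Config section of the report.
REDLINE_CONFIG = {
    "family": "redline",
    "botnet": "luate",
    "c2": ["77.91.124.55:19071"],
    "auth_value": "e45cd419aba6c9d372088ffe5629308b",
    "sha256": "75bc651b81daed0a35e1587e59c867610a31cb3e0b8423325e0322739a6fb2b5",
}


@dataclass
class IocSet:
    c2_endpoints: set  # set of (ip, port) tuples
    hashes: set        # lowercase SHA256 hex strings


def build_iocs(config: dict) -> IocSet:
    """Parse 'ip:port' C2 entries and normalise the hash to lowercase."""
    endpoints = set()
    for entry in config["c2"]:
        host, _, port = entry.rpartition(":")
        ipaddress.ip_address(host)  # raises ValueError on a malformed address
        endpoints.add((host, int(port)))
    return IocSet(c2_endpoints=endpoints, hashes={config["sha256"].lower()})


def match_connections(iocs: IocSet, records) -> list:
    """Match on the full (ip, port) pair: the address alone is a weaker indicator."""
    hits = []
    for r in records:
        if (r["dst_ip"], int(r["dst_port"])) in iocs.c2_endpoints:
            hits.append({
                "src_host": r["src_host"],
                "dst": f'{r["dst_ip"]}:{r["dst_port"]}',
                "ioc": "redline_c2",
            })
    return hits


def match_hashes(iocs: IocSet, inventory) -> list:
    """Case-insensitive SHA256 match against a file inventory."""
    return [f for f in inventory if f["sha256"].lower() in iocs.hashes]


def suricata_rules(iocs: IocSet, base_sid: int = 9000001) -> list:
    """One Suricata rule per C2 endpoint. The sid range is an assumption."""
    rules = []
    for i, (ip, port) in enumerate(sorted(iocs.c2_endpoints)):
        rules.append(
            f"alert tcp $HOME_NET any -> {ip} {port} "
            f'(msg:"RedLine C2 traffic (botnet {REDLINE_CONFIG["botnet"]})"; '
            f"flow:to_server; sid:{base_sid + i}; rev:1;)"
        )
    return rules


# Constructed sample telemetry, not taken from the report.
SAMPLE_CONNECTIONS = [
    {"src_host": "ws-17", "dst_ip": "77.91.124.55", "dst_port": 19071},
    {"src_host": "ws-17", "dst_ip": "77.91.124.55", "dst_port": 443},  # other port: no hit
    {"src_host": "ws-42", "dst_ip": "93.184.216.34", "dst_port": 443},
]
SAMPLE_INVENTORY = [
    {"path": r"C:\Users\Public\setup.exe", "sha256": REDLINE_CONFIG["sha256"].upper()},
    {"path": r"C:\Windows\System32\notepad.exe", "sha256": "0" * 64},
]

if __name__ == "__main__":
    iocs = build_iocs(REDLINE_CONFIG)
    print(json.dumps(match_connections(iocs, SAMPLE_CONNECTIONS), indent=2))
    print(json.dumps(match_hashes(iocs, SAMPLE_INVENTORY), indent=2))
    print("\n".join(suricata_rules(iocs)))
```

The connection match is deliberately on the exact ip:port pair, since RedLine operators run C2 on arbitrary high ports and a shared hosting address may carry unrelated traffic on other ports; the hash match is a last-resort check, because repacked builds of the same config will not share it.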

Targets

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
