General

  • Target: ba437a1e6e075cfd2f196bd8501c349ccc23b0400514b84b97bc3f786e0f57d6
  • Size: 864KB
  • Sample: 231011-lbn1lsdf2v
  • MD5: bd142b855776ba9ee626b8d7c9251cee
  • SHA1: 406bd9e6e756b65fcfd793b9fe4fbbcaadf9a7f1
  • SHA256: 94badceb6b6f1039c27cf2eb6f8e12015d66c1a9b77c420739cfa1d53fd3aeef
  • SHA512: af4c569b293bbc2836126ac48dce4519f04c4203c73062bd702ffc437b5267b100fef8d8956eca58e2ed9b2fedf75d5b07cc76f6bf3766faca52033ae5396784
  • SSDEEP: 12288:XCVjlaQVxy90QQyv7NSmD8JCn3rCN2mkG7s0amyfpK4HAUMwFCI3DWhNflsFIecU:Xs5aWynTg6T3nk6moQHkCI3D3q2R6A+u

Malware Config

Extracted

  • Family: redline
  • Botnet: luate
  • C2: 77.91.124.55:19071
  • Attributes
    • auth_value: e45cd419aba6c9d372088ffe5629308b

Targets

  • Target: ba437a1e6e075cfd2f196bd8501c349ccc23b0400514b84b97bc3f786e0f57d6
  • Size: 907KB
  • MD5: 1609538cc65c63edce6b5c220371e2b4
  • SHA1: adb56a58e570cf51e48dafb38d11cb2803cd59fb
  • SHA256: ba437a1e6e075cfd2f196bd8501c349ccc23b0400514b84b97bc3f786e0f57d6
  • SHA512: db7c54537311dc60d35331eaa692d26a24fd4ee770f1e5668d74d8e1ef90fa9c9440e5f85319af1194731ad3feff04a9f2564cc93578750c7e7f9bb387efd063
  • SSDEEP: 12288:lMr/y90+mD8zCT3r69wXHu3/Dke760amsfpc4HAGMwFCI3nWLNDlQFIGcUdxWeoK:Kyf6n3pu3/HcmGuhkCI3nTqOR6I

  • Detect Mystic stealer payload
  • Mystic: Mystic is an infostealer written in C++.
  • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  • Executes dropped EXE
  • Loads dropped DLL
  • Adds Run key to start application
  • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks