General
Target: ba437a1e6e075cfd2f196bd8501c349ccc23b0400514b84b97bc3f786e0f57d6
Size: 864KB
Sample: 231011-lbn1lsdf2v
MD5: bd142b855776ba9ee626b8d7c9251cee
SHA1: 406bd9e6e756b65fcfd793b9fe4fbbcaadf9a7f1
SHA256: 94badceb6b6f1039c27cf2eb6f8e12015d66c1a9b77c420739cfa1d53fd3aeef
SHA512: af4c569b293bbc2836126ac48dce4519f04c4203c73062bd702ffc437b5267b100fef8d8956eca58e2ed9b2fedf75d5b07cc76f6bf3766faca52033ae5396784
SSDEEP: 12288:XCVjlaQVxy90QQyv7NSmD8JCn3rCN2mkG7s0amyfpK4HAUMwFCI3DWhNflsFIecU:Xs5aWynTg6T3nk6moQHkCI3D3q2R6A+u
Static task: static1
Behavioral task: behavioral1
  Sample: ba437a1e6e075cfd2f196bd8501c349ccc23b0400514b84b97bc3f786e0f57d6.exe
  Resource: win7-20230831-en
Behavioral task: behavioral2
  Sample: ba437a1e6e075cfd2f196bd8501c349ccc23b0400514b84b97bc3f786e0f57d6.exe
  Resource: win10v2004-20230915-en
Malware Config
Extracted
Family: redline
Botnet: luate
C2: 77.91.124.55:19071
auth_value: e45cd419aba6c9d372088ffe5629308b
Targets
Target: ba437a1e6e075cfd2f196bd8501c349ccc23b0400514b84b97bc3f786e0f57d6
Size: 907KB
MD5: 1609538cc65c63edce6b5c220371e2b4
SHA1: adb56a58e570cf51e48dafb38d11cb2803cd59fb
SHA256: ba437a1e6e075cfd2f196bd8501c349ccc23b0400514b84b97bc3f786e0f57d6
SHA512: db7c54537311dc60d35331eaa692d26a24fd4ee770f1e5668d74d8e1ef90fa9c9440e5f85319af1194731ad3feff04a9f2564cc93578750c7e7f9bb387efd063
SSDEEP: 12288:lMr/y90+mD8zCT3r69wXHu3/Dke760amsfpc4HAGMwFCI3nWLNDlQFIGcUdxWeoK:Kyf6n3pu3/HcmGuhkCI3nTqOR6I
Score: 10/10
Signatures:
- Detect Mystic stealer payload
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext