General

  • Target: 5b2c2ea338d66d44bb85255778ab29baa28d224601564b78248529a6a9f676fa
  • Size: 863KB
  • Sample: 231011-lxn8hafc5v
  • MD5: 1d93ed64e65a8ea93809085241338cde
  • SHA1: 5d219bb706205eb2d3c8ef904a7f7a603860c740
  • SHA256: 8fe366b6ad0bc990027d4678c1fb5056ef24f63bbc912993de247c8c60a78925
  • SHA512: de86e5c20bcf15586875672e8d8305db055898b811f50167f3e5794fbef93c2feacc738d495613ed9f00dfd8225753962cfd5da744b24e3bf7a9d2a61ffe7ed2
  • SSDEEP: 24576:QiyhJX6XwKfy2lSICiPzHnC+xou147vFq5Dnru9P9:2h16dywSI77HNsYu9l

Malware Config

Extracted
  • Family: mystic
  • C2: http://5.42.92.211/loghub/master

Extracted
  • Family: redline
  • Botnet: luate
  • C2: 77.91.124.55:19071
  • Attributes
    • auth_value: e45cd419aba6c9d372088ffe5629308b

Targets

  • Target: 5b2c2ea338d66d44bb85255778ab29baa28d224601564b78248529a6a9f676fa
  • Size: 907KB
  • MD5: 3f499a1933024166466a48c80ea6de27
  • SHA1: ca25d4bf7c2bdd0fe452332e7eed098946b18996
  • SHA256: 5b2c2ea338d66d44bb85255778ab29baa28d224601564b78248529a6a9f676fa
  • SHA512: 532216c4d2a7b7cc664e2fb187c7639e41d03afc131f3aff76288e7f2974ab0cc19a29e3705a45860cdcbf1c2f48552280d82228c7fb242a64a47c4c202bb807
  • SSDEEP: 24576:RyraXEXASfGulWICYPf9nC+rouv47jeM+5DnTY9uz:EraEjG4WI339P6/ejY9u

  • Detect Mystic stealer payload
  • Mystic: Mystic is an infostealer written in C++.
  • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  • Executes dropped EXE
  • Loads dropped DLL
  • Adds Run key to start application
  • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15