General
Target: 5b2c2ea338d66d44bb85255778ab29baa28d224601564b78248529a6a9f676fa
Size: 863KB
Sample: 231011-lxn8hafc5v
MD5: 1d93ed64e65a8ea93809085241338cde
SHA1: 5d219bb706205eb2d3c8ef904a7f7a603860c740
SHA256: 8fe366b6ad0bc990027d4678c1fb5056ef24f63bbc912993de247c8c60a78925
SHA512: de86e5c20bcf15586875672e8d8305db055898b811f50167f3e5794fbef93c2feacc738d495613ed9f00dfd8225753962cfd5da744b24e3bf7a9d2a61ffe7ed2
SSDEEP: 24576:QiyhJX6XwKfy2lSICiPzHnC+xou147vFq5Dnru9P9:2h16dywSI77HNsYu9l
Static task: static1
Behavioral task: behavioral1
  Sample: 5b2c2ea338d66d44bb85255778ab29baa28d224601564b78248529a6a9f676fa.exe
  Resource: win7-20230831-en
Behavioral task: behavioral2
  Sample: 5b2c2ea338d66d44bb85255778ab29baa28d224601564b78248529a6a9f676fa.exe
  Resource: win10v2004-20230915-en
Malware Config
Extracted: mystic
  http://5.42.92.211/loghub/master
Extracted: redline
  luate
  77.91.124.55:19071
  auth_value: e45cd419aba6c9d372088ffe5629308b
Targets
Target: 5b2c2ea338d66d44bb85255778ab29baa28d224601564b78248529a6a9f676fa
Size: 907KB
MD5: 3f499a1933024166466a48c80ea6de27
SHA1: ca25d4bf7c2bdd0fe452332e7eed098946b18996
SHA256: 5b2c2ea338d66d44bb85255778ab29baa28d224601564b78248529a6a9f676fa
SHA512: 532216c4d2a7b7cc664e2fb187c7639e41d03afc131f3aff76288e7f2974ab0cc19a29e3705a45860cdcbf1c2f48552280d82228c7fb242a64a47c4c202bb807
SSDEEP: 24576:RyraXEXASfGulWICYPf9nC+rouv47jeM+5DnTY9uz:EraEjG4WI339P6/ejY9u
Score: 10/10
- Detect Mystic stealer payload
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext