Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    6b4520b7b228d550021c6ce04b490397044f4cc15c23ba68a8644b7587b2aa63

  • Size

    912KB

  • Sample

    231011-nk6ccsdh25

  • MD5

    690e065e1cc3e5955b7a1f04d5f09c11

  • SHA1

    f97b53a4f70a4acaea3b79faf6d6d4220a3a51ca

  • SHA256

    6b4520b7b228d550021c6ce04b490397044f4cc15c23ba68a8644b7587b2aa63

  • SHA512

    3b54cbb88667aa772042dbf5f49c6d4859e4cb0d16e85c4710ab42e6cb438b44e2f65cb95eadd75c7a8c765270786cd7a3cc9c3647859902f80ab329182ae6a7

  • SSDEEP

    24576:8y5KvCDxr+w0pqSIjOwFoax+zo+1Glvtvx2G:rCWR+DvI6wGjE+Ilv5x2

Malware Config

Extracted

Family

redline

Botnet

luate

C2

77.91.124.55:19071

Attributes
  • auth_value

    e45cd419aba6c9d372088ffe5629308b

Targets

    • Target

      6b4520b7b228d550021c6ce04b490397044f4cc15c23ba68a8644b7587b2aa63

    • Size

      912KB

    • MD5

      690e065e1cc3e5955b7a1f04d5f09c11

    • SHA1

      f97b53a4f70a4acaea3b79faf6d6d4220a3a51ca

    • SHA256

      6b4520b7b228d550021c6ce04b490397044f4cc15c23ba68a8644b7587b2aa63

    • SHA512

      3b54cbb88667aa772042dbf5f49c6d4859e4cb0d16e85c4710ab42e6cb438b44e2f65cb95eadd75c7a8c765270786cd7a3cc9c3647859902f80ab329182ae6a7

    • SSDEEP

      24576:8y5KvCDxr+w0pqSIjOwFoax+zo+1Glvtvx2G:rCWR+DvI6wGjE+Ilv5x2

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks