General

  • Target

    18f4893f8dbb1717b4685c8646f90554.exe

  • Size

    910KB

  • Sample

    231011-nvvcvaeg22

  • MD5

    18f4893f8dbb1717b4685c8646f90554

  • SHA1

    04b0da66addf77e2d011a3cfb8999011f10fd344

  • SHA256

    7decb7675605f65b6adafa81ace426cffa10321bd4821225215a4ba499dce669

  • SHA512

    91d92b342a98a1fa7ed86a892d908c12eb8e1fec79c1747831f2484c993f536dbe3429b103d1a8c4c0245f2ed99e582726e739c97cf181830906e2b7b82e3eb8

  • SSDEEP

    12288:4MrFy90Gvb3A7jOpYwu8EJ2qh2RRwNen0hmkFFb1uj4UrYk0qY14qWuTD4zrqy0X:NyrzOOpYwu8EcYenuChcX1L1e6F

Malware Config

Extracted

  • Family

    redline

  • Botnet

    luate

  • C2

    77.91.124.55:19071

  • Attributes

    • auth_value

      e45cd419aba6c9d372088ffe5629308b

Targets

    • Target

      18f4893f8dbb1717b4685c8646f90554.exe

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks