General

  • Target

    e3acbca31ecca50cc50aabd49400d0db9ad75d8e8ed4559371859c9ecc1fa4e3

  • Size

    943KB

  • Sample

    231011-pxnhraab88

  • MD5

    f8c9f189c9adeac0c51a6e9c0cc9cdea

  • SHA1

    0638572d3888b679d1ac88988e41dbd3803a3c54

  • SHA256

    e3acbca31ecca50cc50aabd49400d0db9ad75d8e8ed4559371859c9ecc1fa4e3

  • SHA512

    d3e8d86a8bf671584434acf877a643708e365eb2a2bcc46e66848129949437d1173acc7256b6bf36c9a49ae39dade893e09bc774ca4eb28eb6cecedc3e0b8673

  • SSDEEP

    24576:8yCGjwTfuTosyfw8tEFvX8irbj1TAHAYE:rC4wTyosy1EtLL18HN

Malware Config

Extracted

Family

mystic

C2

http://5.42.92.211/loghub/master

Extracted

Family

redline

Botnet

ramos

C2

77.91.124.82:19071

Attributes

  • auth_value

    42c0ec91d63648bb7119ab787aa3fb94

Targets

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks