General

  • Target: 9da7f30d54632e48b35fe2cb1ac12208eeff3f39f737e3840c0c0853f70c0ef9
  • Size: 942KB
  • Sample: 231011-pzlryage2z
  • MD5: 5d5ebc7e0ba580b44caaa751f7da5965
  • SHA1: 91cbb2a41d5bcacd64a228dbadb8ad2eadd50acd
  • SHA256: 9da7f30d54632e48b35fe2cb1ac12208eeff3f39f737e3840c0c0853f70c0ef9
  • SHA512: fd88845fc9aeb0ffda094188f0393b80c3c67ce1d40be433532f8263bd8ad5e6ea3fc487c022101a5a20801adbf14a135cf33980e8819f192fc1e6c371cb80c9
  • SSDEEP: 12288:fMrQy90LsXhBgI5ol9HFRLm8mdpVNLwsSMXAMyuCuAlzsvaGQixSg+SrofLx74oR:PySsLi97Lmf5wACOiGvY2iLJ4oKtvHw

Malware Config

Extracted

  • Family: redline
  • Botnet: ramos
  • C2: 77.91.124.82:19071
  • Attributes
    • auth_value: 42c0ec91d63648bb7119ab787aa3fb94

Targets

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks