General
Target: 9da7f30d54632e48b35fe2cb1ac12208eeff3f39f737e3840c0c0853f70c0ef9
Size: 942KB
Sample: 231011-pzlryage2z
MD5: 5d5ebc7e0ba580b44caaa751f7da5965
SHA1: 91cbb2a41d5bcacd64a228dbadb8ad2eadd50acd
SHA256: 9da7f30d54632e48b35fe2cb1ac12208eeff3f39f737e3840c0c0853f70c0ef9
SHA512: fd88845fc9aeb0ffda094188f0393b80c3c67ce1d40be433532f8263bd8ad5e6ea3fc487c022101a5a20801adbf14a135cf33980e8819f192fc1e6c371cb80c9
SSDEEP: 12288:fMrQy90LsXhBgI5ol9HFRLm8mdpVNLwsSMXAMyuCuAlzsvaGQixSg+SrofLx74oR:PySsLi97Lmf5wACOiGvY2iLJ4oKtvHw
Static task: static1
Behavioral task: behavioral1
  Sample: 9da7f30d54632e48b35fe2cb1ac12208eeff3f39f737e3840c0c0853f70c0ef9.exe
  Resource: win7-20230831-en
Behavioral task: behavioral2
  Sample: 9da7f30d54632e48b35fe2cb1ac12208eeff3f39f737e3840c0c0853f70c0ef9.exe
  Resource: win10v2004-20230915-en
Malware Config
Extracted
Family: redline
Botnet: ramos
C2: 77.91.124.82:19071
auth_value: 42c0ec91d63648bb7119ab787aa3fb94
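The extracted config is the most reusable output of this report: the C2 endpoint becomes a network indicator and the botnet name and auth_value let you tie later samples to the same operator. The script below, an added example rather than code or output from tria.ge, parses the config block in the raw export layout (header line, family, botnet, host:port, then "-"-separated key/value pairs), emits a Suricata rule for the C2, and runs the indicator over a few constructed firewall log lines. The log line format, the Suricata sid and the example IPs other than the C2 are assumptions for the demo.

```python
"""Turn the config extracted above into network detection content.

Added example, not code or output from tria.ge.  The config values
(family, botnet name, C2 host:port, auth_value) are copied from the
report; the firewall log lines and the Suricata sid are constructed.
"""
import ipaddress
import re
from dataclasses import dataclass

# The report's "Malware Config" block in tria.ge's raw export layout:
# a header, then family, botnet, C2 endpoint, then '-'-separated key/value pairs.
CONFIG_BLOCK = """\
Extracted
redline
ramos
77.91.124.82:19071
-
auth_value
42c0ec91d63648bb7119ab787aa3fb94
"""


@dataclass(frozen=True)
class RedLineConfig:
    family: str
    botnet: str
    c2_host: str
    c2_port: int
    auth_value: str


def parse_config_block(text: str) -> RedLineConfig:
    """Parse the raw export layout into a typed config; reject malformed input."""
    lines = [ln.strip() for ln in text.splitlines()]
    lines = [ln for ln in lines if ln and ln != "-"]
    if len(lines) < 6 or lines[0] != "Extracted":
        raise ValueError("not an 'Extracted' config block")
    family, botnet, endpoint = lines[1:4]
    host, sep, port = endpoint.rpartition(":")
    if not sep or not port.isdigit() or not 0 < int(port) < 65536:
        raise ValueError(f"bad C2 endpoint: {endpoint!r}")
    try:
        ipaddress.ip_address(host)          # this report's C2 is a literal IP
    except ValueError:
        if not re.fullmatch(r"[A-Za-z0-9.-]+", host):   # allow a plain hostname
            raise
    extras = dict(zip(lines[4::2], lines[5::2]))
    auth = extras.get("auth_value", "")
    if not re.fullmatch(r"[0-9a-f]{32}", auth):
        raise ValueError("auth_value missing or not a 32-hex-char token")
    return RedLineConfig(family, botnet, host, int(port), auth)


def suricata_rule(cfg: RedLineConfig, sid: int) -> str:
    """One rule per extracted C2 endpoint; `sid` must come from your local range."""
    return (
        f"alert tcp $HOME_NET any -> {cfg.c2_host} {cfg.c2_port} "
        f'(msg:"{cfg.family.upper()} stealer C2 traffic (botnet {cfg.botnet})"; '
        f"flow:to_server; metadata:malware_family {cfg.family}, botnet {cfg.botnet}; "
        f"classtype:trojan-activity; sid:{sid}; rev:1;)"
    )


# Constructed firewall lines (not from the report):
# "<ts> <action> tcp <src>:<sport> -> <dst>:<dport>".
FIREWALL_LOG = [
    "2023-10-11T13:02:10Z allow tcp 10.0.0.15:51234 -> 142.250.72.14:443",
    "2023-10-11T13:02:41Z allow tcp 10.0.0.15:51240 -> 77.91.124.82:19071",
    "2023-10-11T13:03:05Z allow tcp 10.0.0.22:49812 -> 77.91.124.82:443",
    "2023-10-11T13:03:09Z deny  tcp 10.0.0.22:49813 -> 77.91.124.82:19071",
]
LINE_RE = re.compile(r"(\S+)\s+(\S+)\s+tcp\s+(\S+):\d+\s+->\s+(\S+):(\d+)")


def find_c2_contacts(lines, cfg: RedLineConfig, *, port_strict: bool = True):
    """Return (timestamp, action, src_ip) for every line that reached the C2.

    port_strict=True matches only the extracted port (high-confidence alert);
    port_strict=False matches any port on the C2 host, for hunting a panel
    redeployed on the same address.  A 'deny' line is still a contact attempt:
    the source host is infected even though the session was blocked.
    """
    hits = []
    for ln in lines:
        m = LINE_RE.match(ln)
        if not m:
            continue  # unparseable line: skip rather than abort a triage run
        ts, action, src, dst, dport = m.groups()
        if dst == cfg.c2_host and (not port_strict or int(dport) == cfg.c2_port):
            hits.append((ts, action, src))
    return hits


if __name__ == "__main__":
    cfg = parse_config_block(CONFIG_BLOCK)
    print(suricata_rule(cfg, sid=9000001))
    for hit in find_c2_contacts(FIREWALL_LOG, cfg):
        print("C2 contact:", *hit)
```

Match on the port as well as the address when alerting, and on the address alone when hunting: the same IP on 443 in the sample log is not proof of RedLine traffic, but it is worth a look once the host is already known to be a C2.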
Targets
Target: 9da7f30d54632e48b35fe2cb1ac12208eeff3f39f737e3840c0c0853f70c0ef9 (942KB; same file and hashes as listed under General)
Score: 10/10
Signatures:
- Detect Mystic stealer payload
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext