Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
eed5fb3aa6bc31327e11bcfa899e734fdc257f407c584fa611ea2e873de2b876
-
Size
1.3MB
-
Sample
231011-rwallsdc7x
-
MD5
0285099e04dfce85b9c6b52eaef30412
-
SHA1
155e4ac3b370b2f12a69b4f596eabcaef61e0bd2
-
SHA256
eed5fb3aa6bc31327e11bcfa899e734fdc257f407c584fa611ea2e873de2b876
-
SHA512
8f912b80cb2ca060cbf4696348f0c60fab90425b176404c3ea1db033059075e6b029e3bf20cdb296b82e1b76525d57e05f2156aac0cbfe6da6fc6f5695b582c7
-
SSDEEP
24576:ayFJtD5rTiCkB4ACUCLgKC4ayvPLlRFWC8iLcAxpG3d/IOJpp1uU5Rhab:hHrTagUCc4ayXLlHWtacU2d/TNb5Rh
Static task
static1
Behavioral task
behavioral1
Sample
eed5fb3aa6bc31327e11bcfa899e734fdc257f407c584fa611ea2e873de2b876.exe
Resource
win7-20230831-en
Malware Config
Extracted
redline
darts
77.91.124.82:19071
-
auth_value
3c8818da7045365845f15ec0946ebf11
Extracted
redline
kendo
77.91.124.82:19071
-
auth_value
5a22a881561d49941415902859b51f14
Extracted
mystic
http://5.42.92.211/loghub/master
Targets
-
-
Target
eed5fb3aa6bc31327e11bcfa899e734fdc257f407c584fa611ea2e873de2b876
-
Size
1.3MB
-
MD5
0285099e04dfce85b9c6b52eaef30412
-
SHA1
155e4ac3b370b2f12a69b4f596eabcaef61e0bd2
-
SHA256
eed5fb3aa6bc31327e11bcfa899e734fdc257f407c584fa611ea2e873de2b876
-
SHA512
8f912b80cb2ca060cbf4696348f0c60fab90425b176404c3ea1db033059075e6b029e3bf20cdb296b82e1b76525d57e05f2156aac0cbfe6da6fc6f5695b582c7
-
SSDEEP
24576:ayFJtD5rTiCkB4ACUCLgKC4ayvPLlRFWC8iLcAxpG3d/IOJpp1uU5Rhab:hHrTagUCc4ayXLlHWtacU2d/TNb5Rh
-
Detect Mystic stealer payload
-
Detects Healer an antivirus disabler dropper
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1