General
Target: a417ed0ab5fb6857593f4311da5fdb85ab10f94132f44c6cde60a70077c5a1fc
Size: 892KB
Sample: 231011-y4d3bsda27
MD5: 6d8ff5a493b6ad0e92ec47b5351c5f32
SHA1: 2021400312813468119e6ab6ffa7e67dc487ff96
SHA256: 38abd1705448053a2cdb0b98ee9ccf33e8e31e882241f38a54fd1c45ba52a147
SHA512: 4f35394f91fc696a1a7df9cac5a145131d942518f3e27be5bad7f75f12e5799405d9d83501f7d65f818754340e1f0ff2d8c88c4a84559597d7776587055bd1f3
SSDEEP: 12288:+BzIy90AtTWQB+A1MUxI4kI0uCkbHLzlXDrNLd6gpG3mctAb2sNys0BAlH0d7Yle:dyHBXkA199BairBZUVBOH0goKm
Static task: static1
Behavioral task: behavioral1
  Sample: a417ed0ab5fb6857593f4311da5fdb85ab10f94132f44c6cde60a70077c5a1fc.exe
  Resource: win7-20230831-en
Behavioral task: behavioral2
  Sample: a417ed0ab5fb6857593f4311da5fdb85ab10f94132f44c6cde60a70077c5a1fc.exe
  Resource: win10v2004-20230915-en
Malware Config
Extracted: redline
  kendo
  77.91.124.82:19071
  auth_value: 5a22a881561d49941415902859b51f14
Targets
Target: a417ed0ab5fb6857593f4311da5fdb85ab10f94132f44c6cde60a70077c5a1fc
Size: 935KB
MD5: 393529959f49656c9a795558ed054a56
SHA1: 10cf407d485a22b9f61d1351a96c7886f2705d0c
SHA256: a417ed0ab5fb6857593f4311da5fdb85ab10f94132f44c6cde60a70077c5a1fc
SHA512: 4ac6953de2a0d4160f7c599fb1eb2b2c786bf5c1160557d741d7097a3d5c81b72382c9da33149cfbccfe7f19467f0a348e5b4f92f400aada64957efac5555070
SSDEEP: 12288:1MrKy90jEUQB+ahcWxI4kO0QCkbHNzlRvrpLB6YpG3mYFA72sZyy0nAXH0d7ilgP:PyAEdkahR9BCMrFLYrn+H0ygK3G
Score: 10/10
Signatures:
- Detect Mystic stealer payload
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext