Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
f01e91d3435f42fc3461ee3c83939a565810698f0d103f0c0a3f93e1e8efc9d8
-
Size
929KB
-
Sample
231011-yk6m8shg3y
-
MD5
03dbc56ad4fbd0943eabc90b51e2a48d
-
SHA1
5e406541166bee80713c5d7d0841e8005ed66e5d
-
SHA256
f01e91d3435f42fc3461ee3c83939a565810698f0d103f0c0a3f93e1e8efc9d8
-
SHA512
fc1fa11e8cf4d0b2536e471759b24dd6819e807d70d815bc9875fb82500526c6c24ac0284766e2c34b36737c945288d92d55f1d8d5d226efd8b542116f99974c
-
SSDEEP
12288:OMrBy90UaIcWyX00FW87GLJNE/jnLsyBZtiRTIq4XwcfG30/TG:TyRyX00FW87GNE/jbBZYI9gTWG
Static task
static1
Behavioral task
behavioral1
Sample
f01e91d3435f42fc3461ee3c83939a565810698f0d103f0c0a3f93e1e8efc9d8.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
f01e91d3435f42fc3461ee3c83939a565810698f0d103f0c0a3f93e1e8efc9d8.exe
Resource
win10v2004-20230915-en
Malware Config
Extracted
redline
kendo
77.91.124.82:19071
-
auth_value
5a22a881561d49941415902859b51f14
Targets
-
-
Target
f01e91d3435f42fc3461ee3c83939a565810698f0d103f0c0a3f93e1e8efc9d8
-
Size
929KB
-
MD5
03dbc56ad4fbd0943eabc90b51e2a48d
-
SHA1
5e406541166bee80713c5d7d0841e8005ed66e5d
-
SHA256
f01e91d3435f42fc3461ee3c83939a565810698f0d103f0c0a3f93e1e8efc9d8
-
SHA512
fc1fa11e8cf4d0b2536e471759b24dd6819e807d70d815bc9875fb82500526c6c24ac0284766e2c34b36737c945288d92d55f1d8d5d226efd8b542116f99974c
-
SSDEEP
12288:OMrBy90UaIcWyX00FW87GLJNE/jnLsyBZtiRTIq4XwcfG30/TG:TyRyX00FW87GNE/jbBZYI9gTWG
Score10/10-
Detect Mystic stealer payload
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-