General

  • Target

    f01e91d3435f42fc3461ee3c83939a565810698f0d103f0c0a3f93e1e8efc9d8

  • Size

    929KB

  • Sample

    231011-yk6m8shg3y

  • MD5

    03dbc56ad4fbd0943eabc90b51e2a48d

  • SHA1

    5e406541166bee80713c5d7d0841e8005ed66e5d

  • SHA256

    f01e91d3435f42fc3461ee3c83939a565810698f0d103f0c0a3f93e1e8efc9d8

  • SHA512

    fc1fa11e8cf4d0b2536e471759b24dd6819e807d70d815bc9875fb82500526c6c24ac0284766e2c34b36737c945288d92d55f1d8d5d226efd8b542116f99974c

  • SSDEEP

    12288:OMrBy90UaIcWyX00FW87GLJNE/jnLsyBZtiRTIq4XwcfG30/TG:TyRyX00FW87GNE/jbBZYI9gTWG

Malware Config

Extracted

  • Family

    redline

  • Botnet

    kendo

  • C2

    77.91.124.82:19071

  • Attributes

    auth_value: 5a22a881561d49941415902859b51f14
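As an added example that is not part of the Triage report, the script below turns the indicators listed above into a check a responder can run: it computes the same four digests the report gives (MD5, SHA1, SHA256, SHA512; SSDEEP is left out because it needs the separate ssdeep library) for candidate files, and scans connection-log lines for flows to the RedLine C2 host. The report only supplies the host:port, so the connection-log format and the sample lines are constructed for this example; a hit on the C2 host with a different port is reported separately rather than discarded, since the host is the stronger indicator.

```python
"""Added example: check local artefacts against the indicators in this
Triage report (file digests from General, C2 from Malware Config).
Not part of the report; the log format and sample lines are constructed."""
import hashlib
import re
import sys

# Indicators copied from the report above.
REPORT_HASHES = {
    "md5": "03dbc56ad4fbd0943eabc90b51e2a48d",
    "sha1": "5e406541166bee80713c5d7d0841e8005ed66e5d",
    "sha256": "f01e91d3435f42fc3461ee3c83939a565810698f0d103f0c0a3f93e1e8efc9d8",
    "sha512": "fc1fa11e8cf4d0b2536e471759b24dd6819e807d70d815bc9875fb82500526c6"
              "c24ac0284766e2c34b36737c945288d92d55f1d8d5d226efd8b542116f99974c",
}
C2_HOST, C2_PORT = "77.91.124.82", 19071   # RedLine C2 from Malware Config


def hash_bytes(data: bytes) -> dict:
    """Compute the four digests the report lists for an in-memory blob."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Same digests for a file on disk, streamed so large files are not read whole."""
    hashes = {name: hashlib.new(name) for name in REPORT_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashes.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashes.items()}


def compare_digests(digests: dict, known: dict = REPORT_HASHES) -> dict:
    """Per-algorithm match result; a single True is enough to escalate."""
    return {name: digests.get(name) == value for name, value in known.items()}


# Constructed connection-log format (one flow per line):
#   <timestamp> <src_ip> <src_port> <dst_ip> <dst_port> <proto>
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<sport>\d+)\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<dport>\d+)\s+(?P<proto>\w+)\s*$"
)

SAMPLE_LOG = [  # constructed for this example, not taken from the sandbox run
    "2023-10-11T14:02:31Z 10.0.0.15 49811 142.250.74.78 443 tcp",
    "2023-10-11T14:02:33Z 10.0.0.15 49812 77.91.124.82 19071 tcp",
    "2023-10-11T14:02:40Z 10.0.0.22 50120 77.91.124.82 443 tcp",
    "# malformed line that a parser must tolerate",
]


def find_c2_connections(lines) -> list:
    """Flag flows to the C2 host. exact=True when the port also matches the
    report; a hit on another port is the same host and still worth review."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["dst"] != C2_HOST:
            continue
        dport = int(m["dport"])
        hits.append({"ts": m["ts"], "src": m["src"], "dport": dport,
                     "exact": dport == C2_PORT})
    return hits


if __name__ == "__main__":
    # Usage: python ioc_check.py <file> [<file> ...]
    for path in sys.argv[1:]:
        result = compare_digests(hash_file(path))
        print(path, "MATCH" if any(result.values()) else "clean", result)
    for hit in find_c2_connections(SAMPLE_LOG):
        print("C2 flow:", hit)
```

Feed real flow records by adapting LOG_RE to your sensor's format (Zeek conn.log, firewall syslog); the match logic itself only needs a destination host and port.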

Targets

    • Target

      f01e91d3435f42fc3461ee3c83939a565810698f0d103f0c0a3f93e1e8efc9d8

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
