General

  • Target

    19e4e574510ebc70c450efc7c86fcceebbe586f73023a565e32b7780f75c15b5

  • Size

    927KB

  • Sample

    231012-bzlv2sac64

  • MD5

    cbae5f9680f83a68960c45b2daa763d8

  • SHA1

    428fc54e6d6c97f53fee2cbf052372f61e7fffcc

  • SHA256

    19e4e574510ebc70c450efc7c86fcceebbe586f73023a565e32b7780f75c15b5

  • SHA512

    f6b98441c3f5b2c00e03e740cd679757ab061b2d2a1ea88c5efa81c3d5008e4b5a4a8b649dca0cd73a28ecc253d0d6b5f8852a88c508f7420e83c1a6d76d2026

  • SSDEEP

    24576:eyrlSPZN3a/0FBdjbY06dqag4+jm9u5jT:trlWj/fCp

Malware Config

Extracted

Family

mystic

C2

http://5.42.92.211/loghub/master

Targets

    • Mystic

      Mystic is an infostealer written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
