General

  • Target: 4d5ad17afba094be5ae7ab14a5bd7c816ed861ad2fb2d6ba711dddf0f40bec0e
  • Size: 2.5MB
  • Sample: 231013-28effagd96
  • MD5: 3d91b4b4877130321fe2dff023f31b4b
  • SHA1: e857122f0f46d22036c64f58d52dd3387ea2c582
  • SHA256: 4d5ad17afba094be5ae7ab14a5bd7c816ed861ad2fb2d6ba711dddf0f40bec0e
  • SHA512: ca6df76d3ca8d64adbbfbd6466b30ab0d715134b7a637087827bf3dfeb5210ab49e1f7f2852d27a30b341bafca3b8cd5ff0511c2967ddc44bf852daf104988f6
  • SSDEEP: 24576:tMwN6yuB40zA0pHxV+L3DkU6KJi6a9Dhvh5wFbykjTJijcwEkeOR4/4z71+jsJR/:N6tzA0pHxVmkv6a3vgm+TEQ6ngd03z

Malware Config

Extracted

  • Family: redline
  • Botnet: ramon
  • C2: 77.91.124.82:19071
  • Attributes
    • auth_value: 3197576965d9513f115338c233015b40

Targets

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
