
General

  • Target: 122e4400a931dbdd7aa0ef9d3448ac0032d6dc365514075a808db25fc467769b
  • Size: 2.5MB
  • Sample: 231013-3k1jfafa31
  • MD5: 2f7f146caa6b89738f522f714eead088
  • SHA1: 6a54ffc979a13f1d2ec86af63de97db5ffeb0126
  • SHA256: 122e4400a931dbdd7aa0ef9d3448ac0032d6dc365514075a808db25fc467769b
  • SHA512: 61a4692ae87401c64792d1195cee1b0a9e8b0c84409689fb1129dcab46718193adafaa2317a3cb3a94e9951e018a39d635ce8ec5ffec8687ee2c44926645d5a8
  • SSDEEP: 49152:MktzA0pHxVZkV6a3vJQyf+74G/w3eL+n9:Mktz1kscGGv

Malware Config

Extracted

Family: redline

Botnet: ramon

C2: 77.91.124.82:19071

Attributes
  • auth_value: 3197576965d9513f115338c233015b40

Targets

    • Target: 122e4400a931dbdd7aa0ef9d3448ac0032d6dc365514075a808db25fc467769b
    • Size: 2.5MB
    • MD5: 2f7f146caa6b89738f522f714eead088
    • SHA1: 6a54ffc979a13f1d2ec86af63de97db5ffeb0126
    • SHA256: 122e4400a931dbdd7aa0ef9d3448ac0032d6dc365514075a808db25fc467769b
    • SHA512: 61a4692ae87401c64792d1195cee1b0a9e8b0c84409689fb1129dcab46718193adafaa2317a3cb3a94e9951e018a39d635ce8ec5ffec8687ee2c44926645d5a8
    • SSDEEP: 49152:MktzA0pHxVZkV6a3vJQyf+74G/w3eL+n9:Mktz1kscGGv

    • Detect Mystic stealer payload
    • Mystic: Mystic is an infostealer written in C++.
    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • Executes dropped EXE
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks