General

  • Target

    NEAS.a1d0f879aa5023488075c93718c6bac17d2056269fe3822c901d2b908bc13bbf.exe

  • Size

    1.3MB

  • Sample

    231112-v67kwaab73

  • MD5

    ba2c77718bd6b44abb313b86974e99e8

  • SHA1

    139e8c4262a2db1a5de407cbf99b380b0e93254e

  • SHA256

    a1d0f879aa5023488075c93718c6bac17d2056269fe3822c901d2b908bc13bbf

  • SHA512

    7c34b013642ab2ab86409e4b6e22628382ceb346aff4dda2f83c72bc0c3034a5c49be0f1c95c4d9e5b9dfa33471f80c0e56b95caea458d986b0651cfce58faeb

  • SSDEEP

    24576:Py5t+MuTMCtJaeyIsOCUGsA1D3uAdru57lpuDGuoo2RnpHNWjOcrlpuThdR:a5tfulkeJRJGfzJdru5ruSuoNRptzTh

Targets

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

    • Executes dropped EXE

    • Adds Run key to start application

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext
