
General

  • Target

    NEAS.94115d0eae0422b6605f0f25841c29b7cc6c029472a983b21d1cedcd7fdcd647.exe

  • Size

    1.3MB

  • Sample

    231112-vy695saa62

  • MD5

    06a6db9acf05fbb473df1c207a7c4124

  • SHA1

    05a6cb77200d23c45296b4af0d88006adf9b77be

  • SHA256

    94115d0eae0422b6605f0f25841c29b7cc6c029472a983b21d1cedcd7fdcd647

  • SHA512

    5724c597e1f5e952305bb77f0dfd26809202e116688a0ea7cf14eeaf55dafee326cc397f23e6748248b1713fa8cde5bb5792a952f4f424f41a9bcdef2fc7a7b3

  • SSDEEP

    24576:+yBANvH6jnxXaeBIsfC+GtzGDpqfMvzWayUPM1jrMv3n1fGHhrGlRBX/+iHfb:Ny2xKe6YjGM95LMea1GlnP+A

Malware Config

Extracted

Family

redline

Botnet

taiga

C2

5.42.92.51:19057
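The extracted config above belongs to the RedLine payload (botnet tag "taiga", one C2 endpoint). The following is an added example, not tria.ge code, that turns the report's indicators into two checks a responder can run locally: matching egress log lines against the C2 host and port, and comparing a file's digest against the report's hashes. The log lines and their "ts src:port -> dst:port proto" layout are constructed for illustration; only the C2 and hash values come from the report.

```python
"""
Operationalise the indicators from this tria.ge report.
Added example; the log format and sample lines are assumptions.
"""
import hashlib
import re
from pathlib import Path

# Indicators copied from the report.
C2_HOST = "5.42.92.51"
C2_PORT = 19057
KNOWN_HASHES = {
    "md5": "06a6db9acf05fbb473df1c207a7c4124",
    "sha1": "05a6cb77200d23c45296b4af0d88006adf9b77be",
    "sha256": "94115d0eae0422b6605f0f25841c29b7cc6c029472a983b21d1cedcd7fdcd647",
}

# Constructed firewall-style egress log (not from the report). The
# "ts src_ip:src_port -> dst_ip:dst_port proto" layout is an assumption.
SAMPLE_LOG = """\
2023-11-12T17:21:03Z 10.0.0.15:51233 -> 142.250.74.46:443 tcp
2023-11-12T17:21:09Z 10.0.0.15:51240 -> 5.42.92.51:19057 tcp
2023-11-12T17:21:10Z 10.0.0.22:49155 -> 5.42.92.51:443 tcp
2023-11-12T17:22:41Z 10.0.0.15:51251 -> 5.42.92.51:19057 tcp
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)\s+(?P<proto>\w+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or None if it does not fit the layout."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"] = int(rec["sport"])
    rec["dport"] = int(rec["dport"])
    return rec


def find_c2_hits(log_text, strict_port=True):
    """Return records that reach the C2.

    strict_port=True matches only the port in the extracted config.
    strict_port=False also reports other ports on the same host, which is
    still worth triage because operators move panels between ports.
    """
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["dst"] != C2_HOST:
            continue
        if strict_port and rec["dport"] != C2_PORT:
            continue
        hits.append(rec)
    return hits


def hash_bytes(data):
    """Compute the same digests the report lists, keyed by algorithm name."""
    return {name: hashlib.new(name, data).hexdigest() for name in KNOWN_HASHES}


def matches_known_sample(data):
    """Verdict on SHA256 only: MD5 and SHA1 are collision-prone and should not
    decide a match on their own, even though the report lists them."""
    return hash_bytes(data)["sha256"] == KNOWN_HASHES["sha256"]


def hash_file(path):
    """Digest a file on disk for comparison with KNOWN_HASHES."""
    return hash_bytes(Path(path).read_bytes())


if __name__ == "__main__":
    for rec in find_c2_hits(SAMPLE_LOG, strict_port=False):
        flag = "C2 port" if rec["dport"] == C2_PORT else "C2 host, other port"
        print(f'{rec["ts"]} {rec["src"]} -> {rec["dst"]}:{rec["dport"]}  [{flag}]')
```

Run it against a real export by replacing SAMPLE_LOG with the log text and adapting LINE_RE to the log's actual layout; the C2 and hash checks do not depend on the format.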

Targets

    • Target

      NEAS.94115d0eae0422b6605f0f25841c29b7cc6c029472a983b21d1cedcd7fdcd647.exe


    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Adds Run key to start application

    • AutoIT Executable

      AutoIt script compiled to a PE executable.
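The "Adds Run key to start application" signature is a persistence indicator: an autostart value is written under a Run key so the payload launches at logon. The following is an added example, not tria.ge code, that triages a registry export of the per-user Run key and flags entries whose image lives outside the usual program directories. The .reg content is constructed for illustration; the report does not state the value name, the hive or the path the sample used, so those are assumptions.

```python
"""
Triage autostart entries from a .reg export of a Run key.
Added example; SAMPLE_REG and the trusted-prefix list are assumptions.
"""
import re

# Constructed export in the layout `reg export` / regedit produce.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe\" /background"
"Updater"="C:\\Users\\victim\\AppData\\Roaming\\svchost.exe"
"Helper"="\"C:\\Users\\victim\\AppData\\Local\\Temp\\build.exe\""
'''

# Directories a normal autostart usually points into (assumption; tune per
# environment). Anything else gets reported for a closer look.
TRUSTED_PREFIXES = (
    r"c:\program files",
    r"c:\windows",
)

VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>.*)"$')


def unescape_reg_string(s):
    """.reg files escape backslash and double quote with a backslash."""
    return s.replace('\\"', '"').replace("\\\\", "\\")


def image_path(cmdline):
    """Pull the executable path out of a Run value: the quoted path if
    present, otherwise the first whitespace-delimited token."""
    cmdline = cmdline.strip()
    if cmdline.startswith('"'):
        end = cmdline.find('"', 1)
        return cmdline[1:end] if end > 0 else cmdline[1:]
    return cmdline.split()[0] if cmdline else ""


def parse_run_key(reg_text, key_suffix=r"\CurrentVersion\Run"):
    """Return {value name: command line} for every value under a key whose
    path ends with key_suffix (works for both HKCU and HKLM exports)."""
    entries = {}
    in_key = False
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_key = line.rstrip("]").lower().endswith(key_suffix.lower())
            continue
        if not in_key:
            continue
        m = VALUE_RE.match(line)
        if m:
            entries[m.group("name")] = unescape_reg_string(m.group("data"))
    return entries


def suspicious_entries(entries):
    """Return {value name: image path} for autostarts outside TRUSTED_PREFIXES.
    User-writable locations such as AppData and Temp are where a dropped
    stealer typically persists from."""
    out = {}
    for name, cmd in entries.items():
        path = image_path(cmd)
        if not path.lower().startswith(TRUSTED_PREFIXES):
            out[name] = path
    return out


if __name__ == "__main__":
    for name, path in suspicious_entries(parse_run_key(SAMPLE_REG)).items():
        print(f"suspicious autostart {name!r} -> {path}")
```

On a live host, produce the input with `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" run.reg` and feed the file's text to parse_run_key; check the HKLM key and the RunOnce keys the same way by changing key_suffix.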

MITRE ATT&CK Enterprise v15
