General
Target: Bx0je41.exe
Size: 674KB
Sample: 231113-lqafrscd48
MD5: 57321bcc1d8e590c66429a8aaaaeaaf0
SHA1: c631006176dd4f5a416932cdd343eef900a7f382
SHA256: d17166f0551ca7187e38be3b41520b84f3e0ce77490f3c21d708d8d7a7a67b0d
SHA512: 8d1c3ba5700abdb6266cd966aeefabeb83b24c63c0fd83e7ded8b3510ffac677ba3f3ba81e954db603b1ce245fda0217ead47226c895f9d915264cf0b87502b2
SSDEEP: 12288:PMrAy90Q0NA0H7Gae/4IC50pCCHGN0PLvYMXiYQbDL6b7Leonzk6TsCll:vyjiaaewIsgCQGIgYDxfznzkR8l
Static task: static1
Behavioral task: behavioral1
Sample: Bx0je41.exe
Resource: win7-20231020-en
Malware Config
Targets
Detect Mystic stealer payload
Checks computer location settings: Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
AutoIT Executable: AutoIT scripts compiled to PE executables.
Suspicious use of SetThreadContext