General

  • Target

    4ecd67d9bc3094e67e8eea4047af8e2ebca2170232ba31024ef56c744aeeaa16

  • Size

    892KB

  • Sample

    231114-gxpf2sgg6x

  • MD5

    a27be1fe1fec2a595d19eac94389df10

  • SHA1

    7ab1b086110f1a655714d4ed6e6403112462146e

  • SHA256

    4ecd67d9bc3094e67e8eea4047af8e2ebca2170232ba31024ef56c744aeeaa16

  • SHA512

    c97b59b497a8bbbce137dcd759e3edb322d3b2e6f6ddad3838b07c0f13665e49533b5bed0e96abe65531693cf130cc2d3b65c55ba86785e0f7e947414e6409df

  • SSDEEP

    24576:wy2/6LtVGaYB0XxaddJIvLuSdvdKfOE/v:3q6FidDEL7QW

Malware Config

Extracted

Family

redline

Botnet

taiga

C2

5.42.92.51:19057

Targets

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
