General

  • Target

    NEAS.aba938426c40ea93bca80f2a13794310.exe

  • Size

    892KB

  • Sample

    231116-lkz48shf39

  • MD5

    aba938426c40ea93bca80f2a13794310

  • SHA1

    67c643ea37da472e5fc13f9f14623ef47b8b8731

  • SHA256

    f6bc805c77007a0e0144b4ce4786cf4be2084e23699b1f780f16cb4780d608a1

  • SHA512

    c523d4b752c57acb7a7d26e7ebcb4c08b4f02f46115c81a5119297e9c91b104df3c1e7084aa0682c0ec4467d078d80225288ade4f2a8799e16bffa6fa48d084f

  • SSDEEP

    24576:NyAW7oMBruWYbZ89PGxGuPHzrfRo3UzHEh0Rx2dQ6LBxoW9X:oAooMB1qWGxGYr/TEmj2TcW

Malware Config

Extracted

  • Family

    redline

  • Botnet

    taiga

  • C2

    5.42.92.51:19057

Targets

    • Detect Mystic stealer payload

    • Mystic

      Mystic is an infostealer written in C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
