General

  • Target: 8bcad15880455bf3c58ee82de143205c27e625c923cc96d2ebb198cfe6a8685c
  • Size: 584KB
  • Sample: 230606-fwq3tacf7z
  • MD5: 6f86d05e774077c7eaa0b0019bdb535f
  • SHA1: 2764174a9d721b6910e1072fa8ae26779615a2fe
  • SHA256: 8bcad15880455bf3c58ee82de143205c27e625c923cc96d2ebb198cfe6a8685c
  • SHA512: 5ab81293284105e8d3fb15b36e4217f90304d3f133e63f081686a038f2e4e7724e3d52a504809f493c7d9f7d638a36c52c1dfe04b36f1fc6e93ef15cfaeb9089
  • SSDEEP: 12288:vMrCy90BgV9sGmCUbJxVrMNAvdSXoOC2nQi3dOlI1zj:lyR9s8SJxZNdSXoOC8OiJj

Malware Config

Extracted

  • Family: redline
  • Botnet: diza
  • C2: 83.97.73.126:19048
  • Attributes
      • auth_value: 0d09b419c8bc967f91c68be4a17e92ee

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Adds Run key to start application
