
General

  • Target: 3f0c1954ba094353d98983ca0.exe
  • Size: 518KB
  • Sample: 230707-ypfydacb4y
  • MD5: 61d613c738b706df26c0dd7f90fe3342
  • SHA1: 5a9c798d5f99b39b95bc0ebeba9c062e2aeca3a8
  • SHA256: 3f0c1954ba094353d98983ca0bf2a6c61ca44493979a26575ba5e7c79d7fdd5d
  • SHA512: dfaccf35e01330457e887de24cba5824feb6e43ab49f4dc074386df5cc1b55c538698b7ffc9e2e4380429589cdfeb22b74929405c382201739539cbd334253eb
  • SSDEEP: 6144:RaEXZjpxfvECAFbmaklCdnQgMy7PyMbjYOkYOWRbHR6Hv+9/57wYc5KAWyEagKsV:8EXpfvfaRdnQg97DjYyNR7gvL0ffxlFb

Malware Config

Extracted

  • Family: redline
  • Botnet: furod
  • C2: 77.91.68.70:19073
  • Attributes
    • auth_value: d2386245fe11799b28b4521492a5879d

Targets

    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • Executes dropped EXE
    • Loads dropped DLL
    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks