General

  • Target

    8eaa8200ae1edab74652da8c3.exe

  • Size

    514KB

  • Sample

    230709-tlh64sec79

  • MD5

    8eaa8200ae1edab74652da8c3db0b8e0

  • SHA1

    817310ecc48861a9a52f83321090e5bd33c78f14

  • SHA256

    df69d2c8a41a796c33d7a623977ef8a4d4b85cb02b9907fa3ce1c7e777837966

  • SHA512

    ca623502fcd9e8f28096ac3b58261914150cf0de2fd4bf5156b595c7cf87a526417987c8fc825b67c70d3495ff970b391ea9bfd52aacd65a259d8e8057400e0c

  • SSDEEP

    12288:Sob/GfvfaRdnQgfdj16fH/xcK3FH0fIp30n:SI/cvf82gfCfH/x9VH0Qp30n

Malware Config

Extracted

Family

redline

Botnet

furod

C2

77.91.68.70:19073

Attributes
  • auth_value

    d2386245fe11799b28b4521492a5879d

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks