General

  • Target

    186d63d1833b57158c32cf5d225052cb5af614bd60589fcbb89f089b7a0b6540

  • Size

    842KB

  • Sample

    230815-lttc2saa87

  • MD5

    a69236eb925b65afe5638d4017d220bd

  • SHA1

    3ad228b225364ddd4fd243c22c8b5931e8a98348

  • SHA256

    186d63d1833b57158c32cf5d225052cb5af614bd60589fcbb89f089b7a0b6540

  • SHA512

    79a276af6c900ede99164cf38b065939ec97ea0574ec74960eddf5bf671ad5819440757bb7ae7576de4dbcadef1333f73955fd924a623d8c8b416c2e9a0bc9b0

  • SSDEEP

    12288:iMrDy90UOAl5TRWVtFxMSMqnAs7WnY3LtZ210MlG1K7Zr78erGWTYWWWa5shhRP5:Rykc8tFxMjo7f7tZW0G5r/iaq51yR

Malware Config

Extracted

  • Family

    redline

  • Botnet

    meson

  • C2

    77.91.124.54:19071

  • Attributes

    auth_value: 47ca57ebe5c142c9ad4650f71bf57877

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Adds Run key to start application
