General

  • Target: 1a2d6c3994ef44ea447a41438e2a307815c68b203af2b40d71e7b46bb4598f47
  • Size: 854KB
  • Sample: 230816-m8h2asad43
  • MD5: 2d13305e6a4ffeda0dcc79b116a8bc5e
  • SHA1: a2a4351cb9cd745dddf0e095875f8e9aa5bb52b8
  • SHA256: 1a2d6c3994ef44ea447a41438e2a307815c68b203af2b40d71e7b46bb4598f47
  • SHA512: 95d2b9cfe504020031109b1b27cdbb83a8758f444199a0387afe04bda1160f027287035321f26b0c9b85c73d8dcd09fdbd0d327f56c174f088c4a2bacb9e18b8
  • SSDEEP: 12288:vMrCy90oJ7bh87hSt+gkWscd377ySHsF+P+9swAT30TLmzrGmWAQlxYe93AdhDw+:hyPJ7budS4ho3vy4wAz0PEJW3xJ6phB

Malware Config

Extracted

  • Family: redline
  • Botnet: dava
  • C2: 77.91.124.54:19071
  • Attributes
    • auth_value: 3ce5222c1baaa06681dfe0012ce1de23

Targets

    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • Executes dropped EXE
    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks