General

  • Target

    e4602c2b7472f13bced73d5598782be6c8605240ecc53213c24ee32cf544c7a3

  • Size

    854KB

  • Sample

    230817-abt13sed87

  • MD5

    6ffea49edea043c637932164084e37e4

  • SHA1

    677a2490612180148eb42899d1fc0e085c560e26

  • SHA256

    e4602c2b7472f13bced73d5598782be6c8605240ecc53213c24ee32cf544c7a3

  • SHA512

    b700446a8d8cff8af7987e0cca5ea6ceda41fd775cee1b8ef79976d11dabab4d245134efef3cb484a6b2917a7e448a40aad5b6d2cdd6798e4fd011ec4a0bf7b7

  • SSDEEP

    12288:sMrRy90Vs0gAekBAl1XQx3xDHVYAOk+aVBlc7aQ5oYGT51dT6ztOtxrQGPI:lynLkw6x5VYBKc7a4Y5196gx9w

Malware Config

Extracted

Family

redline

Botnet

dava

C2

77.91.124.54:19071

Attributes
  • auth_value

    3ce5222c1baaa06681dfe0012ce1de23

Targets

    • Target

      e4602c2b7472f13bced73d5598782be6c8605240ecc53213c24ee32cf544c7a3

    • Size

      854KB

    • MD5

      6ffea49edea043c637932164084e37e4

    • SHA1

      677a2490612180148eb42899d1fc0e085c560e26

    • SHA256

      e4602c2b7472f13bced73d5598782be6c8605240ecc53213c24ee32cf544c7a3

    • SHA512

      b700446a8d8cff8af7987e0cca5ea6ceda41fd775cee1b8ef79976d11dabab4d245134efef3cb484a6b2917a7e448a40aad5b6d2cdd6798e4fd011ec4a0bf7b7

    • SSDEEP

      12288:sMrRy90Vs0gAekBAl1XQx3xDHVYAOk+aVBlc7aQ5oYGT51dT6ztOtxrQGPI:lynLkw6x5VYBKc7a4Y5196gx9w

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Adds Run key to start application
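
The extracted configuration above gives one C2 endpoint and a full set of file hashes, and the Targets block reports Run-key persistence. The script below is an added example (not tria.ge code and not part of the report) that turns those indicators into three local checks: confirming that a file on disk is this sample before you analyse it, finding flows to the C2 host in Zeek conn.log lines, and flagging Run values that launch from outside trusted directories. The conn.log lines, the `reg query` listing, the internal host addresses and the value name `Updater` are all constructed for the example (the report does not say which value name the sample writes); the function names are mine, and the trusted-directory list is a deliberate simplification.

```python
"""Apply the IOCs from this report to local evidence.

Added example, not tria.ge code.  The hashes and C2 endpoint are copied
from the report; every log line, registry listing and host address below
is constructed for the example.
"""
import hashlib
import re

# Indicators copied from the report.
REPORT_HASHES = {
    "md5": "6ffea49edea043c637932164084e37e4",
    "sha1": "677a2490612180148eb42899d1fc0e085c560e26",
    "sha256": "e4602c2b7472f13bced73d5598782be6c8605240ecc53213c24ee32cf544c7a3",
    "sha512": "b700446a8d8cff8af7987e0cca5ea6ceda41fd775cee1b8ef79976d11dabab4d"
              "245134efef3cb484a6b2917a7e448a40aad5b6d2cdd6798e4fd011ec4a0bf7b7",
}
C2_HOST, C2_PORT = "77.91.124.54", 19071


def verify_sample(data: bytes, expected: dict = REPORT_HASHES) -> dict:
    """Hash `data` with each algorithm named in `expected`; True where the
    digest matches.  Run this before detonating a file you believe is the
    sample, so your analysis is of the same bytes the report describes."""
    return {algo: hashlib.new(algo, data).hexdigest() == digest.lower()
            for algo, digest in expected.items()}


# Zeek conn.log layout (tab separated): ts uid orig_h orig_p resp_h resp_p proto ...
CONN_RE = re.compile(r"^\S+\t\S+\t(\S+)\t(\d+)\t(\S+)\t(\d+)\t(\S+)")

# Constructed conn.log lines: one beacon to the C2 on the reported port, one
# unrelated TLS flow, one flow to the C2 host on a different port.
SAMPLE_CONN_LOG = [
    "1692230401.117\tCx1a\t10.0.0.25\t49812\t77.91.124.54\t19071\ttcp\t-",
    "1692230402.504\tCx1b\t10.0.0.25\t49813\t142.250.74.78\t443\ttcp\tssl",
    "1692230403.090\tCx1c\t10.0.0.31\t51044\t77.91.124.54\t443\ttcp\t-",
]


def find_c2_connections(log_lines, host=C2_HOST, port=C2_PORT):
    """Return (src_ip, dst_port, exact_port) for every flow to the C2 host.
    Flows on the reported port are the strong hits; other ports on the same
    host are returned too, flagged False, because stealer operators reuse
    hosts across builds and ports."""
    hits = []
    for line in log_lines:
        m = CONN_RE.match(line)
        if not m:
            continue
        src, _sport, dst, dport, _proto = m.groups()
        if dst == host:
            hits.append((src, int(dport), int(dport) == port))
    return hits


# One value per line, as printed by `reg query HKCU\...\Run`:  name  type  data
RUN_VALUE_RE = re.compile(r"^\s+(\S.*?)\s+(REG_SZ|REG_EXPAND_SZ)\s+(.*?)\s*$")

# Constructed `reg query` output.  The value name "Updater" and its path are
# invented for the example; the report does not say what name the sample uses.
SAMPLE_REG_QUERY = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background
    Updater     REG_SZ    C:\Users\lab\AppData\Local\Temp\updater.exe
"""


def suspicious_run_values(reg_query_output: str,
                          trusted_prefixes=("c:\\program files", "c:\\windows\\")):
    """Return (name, data) for Run values whose target lives outside the
    trusted directories.  A crude triage filter: anything launching from a
    user-writable path such as %TEMP% or %APPDATA% deserves a look."""
    findings = []
    for line in reg_query_output.splitlines():
        m = RUN_VALUE_RE.match(line)
        if not m:
            continue
        name, _type, data = m.groups()
        target = data.lower().lstrip('"')
        if not target.startswith(trusted_prefixes):
            findings.append((name, data))
    return findings


if __name__ == "__main__":
    print(verify_sample(b"not the sample"))   # every algorithm False for these bytes
    print(find_c2_connections(SAMPLE_CONN_LOG))
    print(suspicious_run_values(SAMPLE_REG_QUERY))
```

To use it on real evidence, pass the bytes of the file under test to `verify_sample`, the lines of a conn.log to `find_c2_connections`, and the text of `reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Run"` (and the HKLM equivalent) to `suspicious_run_values`. The host-only match in `find_c2_connections` is intentional: a hit on 77.91.124.54 on any port is worth a look even if the build in your environment was configured with a different port.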

MITRE ATT&CK Enterprise v15

Tasks