General

  • Target

    ca8e648840b1d9f62168a0d6cab0ea8e1151f7eda316d7ed549c77c85744d6ba

  • Size

    944KB

  • Sample

    230819-e8hfrsga38

  • MD5

    6b47dd82516af7976a126f4c624e3fce

  • SHA1

    06d497ac28d37bf8c62c5752bf5d0686569dec76

  • SHA256

    ca8e648840b1d9f62168a0d6cab0ea8e1151f7eda316d7ed549c77c85744d6ba

  • SHA512

    bbc70f4beb5ef1e3949a7bb404223319830775b66481508c9731d3486a081724d81a1fdf028137a2f49637f9f8dc2aefa88ceef9178e9d30047832505c90e81c

  • SSDEEP

    12288:QMriy90TTmYn7VQhBp/Jp7dRltkOVcDzdN54EYobHFGw0IgEf+CaUNemxaokzBxP:iyYD7g/7ROzd8EB0IgY+NUJPkCNXA

Malware Config

Extracted

  • Family

    redline

  • Botnet

    dugin

  • C2

    77.91.124.73:19071

Attributes

  • auth_value

    7c3e46e091100fd26a6076996d374c28

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks