General

  • Target

    81bf1502bec6c9cd9e60f405700cd9d6.bin

  • Size

    670KB

  • Sample

    230820-b8hvraef21

  • MD5

    9f78679ecc3279998447dede8975420c

  • SHA1

    3de9eaf0fd5bed552390b40d7490d7bcbc809eca

  • SHA256

    0adc5156f31895771277e0199ff9d5a5f4f489931cac86154eac056f474ad4b4

  • SHA512

    a631104bb60fd4d546ebe6f11f8b0063969ee0aa1d4c8fbeb647c6743c644c23522d9368d24fe82c8b9bf88b32468a356dc90693a0f7f7b9b61282e618e31f36

  • SSDEEP

    12288:Dk4tqopE9QGyljXKQzgRJT8tYlqPD8CgiYD7tbmILfeMPPoSpgU/mf4pSDs:o4tqojlTKQsrTmYlqPYC2HZmILfBP/2I

Malware Config

Extracted

  • Family

    redline

  • Botnet

    dugin

  • C2

    77.91.124.73:19071

  • Attributes

    auth_value: 7c3e46e091100fd26a6076996d374c28

Targets

    • Target

      a2c7bd3961d1781c36b6dc46216e59b2eab98ce0c9df0e0d20b5c8ca43abc7ac.exe

    • Size

      714KB

    • MD5

      81bf1502bec6c9cd9e60f405700cd9d6

    • SHA1

      63429c2bb760a09bce0ac1c647b46130a8009d21

    • SHA256

      a2c7bd3961d1781c36b6dc46216e59b2eab98ce0c9df0e0d20b5c8ca43abc7ac

    • SHA512

      b4c5a3bbf55e5b2a749a728f2771254941c3b3eeead937022b07ac4c571ca7b6ef8fd8710cba53dce6d815e035f42f50b42508e9eb9f40ca83510a6a4d837b5e

    • SSDEEP

      12288:TMr2y902zbnmNl4yrALbfw+BUJCPGNhr+Nj6E2kg003rvpnCUFl8Us0JOxSTnj:pyRzbnul4a9+uYuv46yWDAkKUs0JOA7j

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks