General

  • Target

    b8ee2960aab380f5665e2e85c5b58606daa563339a528be856e6640dd6f36bae_JC.exe

  • Size

    831KB

  • Sample

    230827-wp9jksec4s

  • MD5

    650bb84be58ede733ed023e1f86c9f30

  • SHA1

    0a1e433dde0ac3882392dd49356b1f54dc6d139b

  • SHA256

    b8ee2960aab380f5665e2e85c5b58606daa563339a528be856e6640dd6f36bae

  • SHA512

    624c48e4cbf2ce1500c5a009554bb45a2eeddce466e7e66609d7891876d14108389794571a43f9314214896aff0d8c00c35d5ceca40ea41c1d45ccdde98c3b67

  • SSDEEP

    12288:OMrxy90XtDkDoqWfg5omLWx6N+PpPrx4Vn5pP9lrkO1Xzh2oelBJEVFSEcnFjn:nyDWY5WUNit415pPN1Yl3jxnVn

Malware Config

Extracted

Family

redline

Botnet

dugin

C2

77.91.124.73:19071

Attributes
  • auth_value

    7c3e46e091100fd26a6076996d374c28
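The extracted config above is what an analyst actually acts on: the family and botnet labels classify the sample, and the C2 entry is a network IOC that can be turned into a signature and swept against connection telemetry. The Python below is an added example written for this page (not tria.ge's code and not the malware's): it parses the report's C2 `host:port` value, emits a Suricata rule for outbound traffic to it (the sid 9000001 and the rule wording are the example's own choices, not an official signature), and matches a handful of constructed connection records (made up here, not taken from the report) against the endpoint. The `auth_value` is carried along only as a label for the build; the example makes no claim about how it appears on disk or in memory.

```python
"""
Turn the RedLine config extracted above (family, botnet, C2) into detection
artifacts and check connection telemetry against the C2 endpoint.
Added example for this page, not tria.ge's code.
"""
import ipaddress
from dataclasses import dataclass

# Values copied from the report's "Malware Config" section.
EXTRACTED_CONFIG = {
    "family": "redline",
    "botnet": "dugin",
    "c2": ["77.91.124.73:19071"],
    # Per-build identifier from the extracted config; kept as a label only.
    "auth_value": "7c3e46e091100fd26a6076996d374c28",
}


@dataclass(frozen=True)
class C2Endpoint:
    host: str
    port: int


def parse_c2(entries):
    """Parse 'IPv4:port' strings into C2Endpoint objects, rejecting malformed input."""
    endpoints = []
    for entry in entries:
        host, sep, port = entry.rpartition(":")
        if not sep or not port.isdigit():
            raise ValueError(f"malformed C2 entry: {entry!r}")
        ipaddress.IPv4Address(host)          # raises ValueError on non-IPv4 hosts
        port_num = int(port)
        if not 0 < port_num < 65536:
            raise ValueError(f"port out of range: {entry!r}")
        endpoints.append(C2Endpoint(host, port_num))
    return endpoints


def is_valid_c2_entry(entry):
    """True if parse_c2 accepts the single entry, False otherwise."""
    try:
        parse_c2([entry])
    except ValueError:
        return False
    return True


def suricata_rule(endpoint, family, botnet, sid):
    """Suricata rule for outbound TCP to the C2. The sid is a local choice
    (assumed for this example), and flow:to_server keeps the rule to
    client-initiated traffic from the monitored network."""
    return (
        f"alert tcp $HOME_NET any -> {endpoint.host} {endpoint.port} "
        f'(msg:"{family.upper()} {botnet} C2 connection"; '
        f"flow:to_server,established; classtype:trojan-activity; "
        f"sid:{sid}; rev:1;)"
    )


# Constructed connection records for the example (not from the report):
# timestamp src_ip src_port dst_ip dst_port proto
SAMPLE_CONN_LOG = """\
2023-08-27T10:01:02Z 10.0.0.15 49712 77.91.124.73 19071 tcp
2023-08-27T10:01:05Z 10.0.0.15 49713 203.0.113.10 443 tcp
2023-08-27T10:01:09Z 10.0.0.22 51001 77.91.124.73 80 tcp
2023-08-27T10:02:11Z 10.0.0.15 49720 77.91.124.73 19071 tcp
"""


def find_c2_hits(log_text, endpoints, strict=True):
    """Return records whose destination matches a C2 endpoint.

    strict=True requires host and port (a session to the configured C2);
    strict=False also reports other ports on the same host, as a weaker
    indicator that an analyst should still review."""
    exact = {(e.host, e.port) for e in endpoints}
    hosts = {e.host for e in endpoints}
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue                          # skip malformed or comment lines
        ts, src, _sport, dst, dport, _proto = parts
        if not dport.isdigit():
            continue
        exact_match = (dst, int(dport)) in exact
        if exact_match or (not strict and dst in hosts):
            hits.append({"ts": ts, "src": src, "dst": dst,
                         "dport": int(dport), "exact": exact_match})
    return hits


if __name__ == "__main__":
    eps = parse_c2(EXTRACTED_CONFIG["c2"])
    for ep in eps:
        print(suricata_rule(ep, EXTRACTED_CONFIG["family"],
                            EXTRACTED_CONFIG["botnet"], sid=9000001))
    for hit in find_c2_hits(SAMPLE_CONN_LOG, eps, strict=False):
        print(hit)
```

Run stand-alone it prints the rule and three records: two exact hits from 10.0.0.15 to 77.91.124.73:19071 and one host-only hit to port 80 that is flagged with `exact: False`. Matching on the full host:port pair is the confirmed indicator; the host-only view exists so that other traffic to the same address is not silently dropped from review.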

Targets

    • Target

      b8ee2960aab380f5665e2e85c5b58606daa563339a528be856e6640dd6f36bae_JC.exe

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks