Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    a721ff4a50aa2d2972b7d9e850dfbed392ee063ecff36d0a1b500f0ec50bdb75

  • Size

    650KB

  • Sample

    230910-kkyqqsfh55

  • MD5

    3d99b66d7866a2544778e2c84a97ef5f

  • SHA1

    508ea2c3c9aa5e5057f208c9b166ed3cb4ea7241

  • SHA256

    a721ff4a50aa2d2972b7d9e850dfbed392ee063ecff36d0a1b500f0ec50bdb75

  • SHA512

    ce6853872c1ca89e50eb8d0d4b287199996b630b22e7912cf33f5f7bc23971d6e7ece7e6435f05505c79848e19cc4dfd163fbfb7773c30f2896a126e0d1e197c

  • SSDEEP

    12288:SMrny90w9ItyfDv4WP6cjoiyxxp+2/5OoUtzQfGDK:NyIAEWPUj+2hOoZUK

Malware Config

Extracted

Family

redline

Botnet

virad

C2

77.91.124.82:19071

Attributes
  • auth_value

    434dd63619ca8bbf10125913fb40ca28

Targets

    • Target

      a721ff4a50aa2d2972b7d9e850dfbed392ee063ecff36d0a1b500f0ec50bdb75

    • Size

      650KB

    • MD5

      3d99b66d7866a2544778e2c84a97ef5f

    • SHA1

      508ea2c3c9aa5e5057f208c9b166ed3cb4ea7241

    • SHA256

      a721ff4a50aa2d2972b7d9e850dfbed392ee063ecff36d0a1b500f0ec50bdb75

    • SHA512

      ce6853872c1ca89e50eb8d0d4b287199996b630b22e7912cf33f5f7bc23971d6e7ece7e6435f05505c79848e19cc4dfd163fbfb7773c30f2896a126e0d1e197c

    • SSDEEP

      12288:SMrny90w9ItyfDv4WP6cjoiyxxp+2/5OoUtzQfGDK:NyIAEWPUj+2hOoZUK

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks