
General

  • Target: 577241d45aa5dc7d188964a95f70af1b589afbbedfc8fb17d7928b5fb2e6c54e
  • Size: 649KB
  • Sample: 230910-lb9mbaga4w
  • MD5: 51ce38ed64940b5ff97e80f991bfc4c3
  • SHA1: 9c53cf63989dca32b5754db49f9a187cb6d037f7
  • SHA256: 577241d45aa5dc7d188964a95f70af1b589afbbedfc8fb17d7928b5fb2e6c54e
  • SHA512: af9f132479c9b0f49cb017fbdf96f28c860c2ae4216377b0964a7acc3ca4ba88c4a779d72cb4e693516eb8765c1ea1a483624047660e211f96caabb424fa5756
  • SSDEEP: 12288:wMr2y90ee1/IFGUYZabX7JzwHBn5TDlHDhKLNwNiFisEgQRmzgv7VFioqfra1w:WybeNIc+Vz0VJDNdYZFB0OgxFrqfrWw

Malware Config

Extracted

  • Family: redline
  • Botnet: virad
  • C2: 77.91.124.82:19071

Attributes

  • auth_value: 434dd63619ca8bbf10125913fb40ca28

Targets

  • Target: 577241d45aa5dc7d188964a95f70af1b589afbbedfc8fb17d7928b5fb2e6c54e
  • Size: 649KB
  • MD5: 51ce38ed64940b5ff97e80f991bfc4c3
  • SHA1: 9c53cf63989dca32b5754db49f9a187cb6d037f7
  • SHA256: 577241d45aa5dc7d188964a95f70af1b589afbbedfc8fb17d7928b5fb2e6c54e
  • SHA512: af9f132479c9b0f49cb017fbdf96f28c860c2ae4216377b0964a7acc3ca4ba88c4a779d72cb4e693516eb8765c1ea1a483624047660e211f96caabb424fa5756
  • SSDEEP: 12288:wMr2y90ee1/IFGUYZabX7JzwHBn5TDlHDhKLNwNiFisEgQRmzgv7VFioqfra1w:WybeNIc+Vz0VJDNdYZFB0OgxFrqfrWw

Signatures

  • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  • Executes dropped EXE
  • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks