General

  • Target

    2014435291f8763738c2a03de303cd3dba06f4de13d4cb12c9b71a2c98b50047

  • Size

    649KB

  • Sample

    230910-lq6tzagb69

  • MD5

    63e91adbe808e6270e08073165100e18

  • SHA1

    dba21523679039d373beb08e9c810b0cd88893bc

  • SHA256

    2014435291f8763738c2a03de303cd3dba06f4de13d4cb12c9b71a2c98b50047

  • SHA512

    bc4a116258e94aafcd24dcbde5dcb6df4edf9c5a71303640bd361e47b3b7dc4ea01b9840a744fb921618c7d4e0cb1ace40d0e916ebee124cebb5b35c5a70f072

  • SSDEEP

    12288:hMrfy90758XjA/csvFJKdowRTJYQ0ibYbR7tif1oNu4mhqJE/Y7:+y9U/csvDKmwFSQ02YJKo04bWe

Malware Config

Extracted

Family

redline

Botnet

virad

C2

77.91.124.82:19071

Attributes

  • auth_value

    434dd63619ca8bbf10125913fb40ca28

Targets

    • Target

      2014435291f8763738c2a03de303cd3dba06f4de13d4cb12c9b71a2c98b50047

    • Size

      649KB

    • MD5

      63e91adbe808e6270e08073165100e18

    • SHA1

      dba21523679039d373beb08e9c810b0cd88893bc

    • SHA256

      2014435291f8763738c2a03de303cd3dba06f4de13d4cb12c9b71a2c98b50047

    • SHA512

      bc4a116258e94aafcd24dcbde5dcb6df4edf9c5a71303640bd361e47b3b7dc4ea01b9840a744fb921618c7d4e0cb1ace40d0e916ebee124cebb5b35c5a70f072

    • SSDEEP

      12288:hMrfy90758XjA/csvFJKdowRTJYQ0ibYbR7tif1oNu4mhqJE/Y7:+y9U/csvDKmwFSQ02YJKo04bWe

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Adds Run key to start application
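As an added example (not part of this Triage report or of Hatching's tooling), the Python below turns the extracted RedLine config and the file hashes above into a small IOC matcher: it scans firewall-style log lines for connections to the listed C2, checks a file inventory against the report's MD5/SHA1/SHA256, and emits a Suricata rule for the C2 endpoint. The log line format, the file paths and hashes in the inventory other than the report's own, and the Suricata `sid` are constructed assumptions; the family, botnet, C2 and hash values are copied from the report.

```python
"""IOC matching built from the RedLine config extracted in this report.

Added example, not the report's own code. Indicators are copied from the
report; the log lines, file inventory and Suricata sid are constructed.
"""
import re
from typing import Dict, List, Set, Tuple

# Copied from the "Malware Config" section above.
REPORT_CONFIG = {
    "family": "redline",
    "botnet": "virad",
    "c2": ["77.91.124.82:19071"],
    "auth_value": "434dd63619ca8bbf10125913fb40ca28",
}

# MD5, SHA1 and SHA256 of the sample, copied from the "Targets" section.
REPORT_HASHES: Set[str] = {
    "63e91adbe808e6270e08073165100e18",
    "dba21523679039d373beb08e9c810b0cd88893bc",
    "2014435291f8763738c2a03de303cd3dba06f4de13d4cb12c9b71a2c98b50047",
}

# Assumed log format: "... dst=<ipv4>:<port> ..." (constructed for this example).
_DST_RE = re.compile(r"\bdst=(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})\b")
_HEX_RE = re.compile(r"^[0-9a-f]{32}$|^[0-9a-f]{40}$|^[0-9a-f]{64}$")


def parse_c2_list(config: dict) -> Dict[str, Set[int]]:
    """Map each C2 host in the config to the set of ports listed for it."""
    hosts: Dict[str, Set[int]] = {}
    for entry in config["c2"]:
        host, _, port = entry.rpartition(":")
        hosts.setdefault(host, set()).add(int(port))
    return hosts


def match_network_logs(lines: List[str], config: dict) -> List[Tuple[int, str, str]]:
    """Return (line_no, dst, confidence) for lines reaching a configured C2 host.

    An exact host:port match is "high". Traffic to the host on a different
    port is reported as "medium": the host is still the stronger indicator,
    but the port may change between builds and the host could be shared
    hosting, so that case deserves a look rather than an automatic verdict.
    """
    c2 = parse_c2_list(config)
    hits = []
    for n, line in enumerate(lines, 1):
        m = _DST_RE.search(line)
        if not m:
            continue
        host, port = m.group(1), int(m.group(2))
        if host not in c2:
            continue
        confidence = "high" if port in c2[host] else "medium"
        hits.append((n, f"{host}:{port}", confidence))
    return hits


def match_file_hashes(inventory: Dict[str, str], known: Set[str]) -> List[str]:
    """Return paths whose hash (MD5, SHA1 or SHA256, any case) is in `known`.

    Hashes that are not well-formed hex of a supported length are skipped so
    a malformed inventory entry cannot silently match or raise.
    """
    normalized = {h.strip().lower() for h in known}
    hits = []
    for path, digest in inventory.items():
        d = digest.strip().lower()
        if _HEX_RE.match(d) and d in normalized:
            hits.append(path)
    return hits


def to_suricata_rule(config: dict, sid: int) -> str:
    """Render one Suricata alert rule per C2 host:port in the config.

    `sid` is a placeholder chosen by the caller; pick one from your own
    local range before deploying.
    """
    rules = []
    for i, (host, ports) in enumerate(sorted(parse_c2_list(config).items())):
        for port in sorted(ports):
            msg = f"{config['family'].upper()} C2 botnet={config['botnet']}"
            rules.append(
                f'alert tcp $HOME_NET any -> {host} {port} '
                f'(msg:"{msg}"; flow:to_server; classtype:trojan-activity; '
                f"sid:{sid + i}; rev:1;)"
            )
    return "\n".join(rules)


# Constructed inputs (not from the report). Line 2 is an exact C2 hit,
# line 3 is the same host on another port, the others are unrelated.
SAMPLE_LOGS = [
    "2023-09-10T11:58:02Z src=10.0.0.5:51234 dst=142.250.74.78:443 proto=tcp action=allow",
    "2023-09-10T11:58:07Z src=10.0.0.5:51240 dst=77.91.124.82:19071 proto=tcp action=allow",
    "2023-09-10T11:59:13Z src=10.0.0.9:49801 dst=77.91.124.82:8080 proto=tcp action=allow",
    "2023-09-10T11:59:40Z src=10.0.0.5:51250 dst=10.0.0.1:53 proto=udp action=allow",
]
SAMPLE_INVENTORY = {
    r"C:\Users\lab\Downloads\invoice.exe": REPORT_CONFIG and
        "2014435291F8763738C2A03DE303CD3DBA06F4DE13D4CB12C9B71A2C98B50047",
    r"C:\Windows\System32\notepad.exe": "0" * 64,  # placeholder benign digest
    r"C:\Temp\broken.bin": "not-a-hash",          # malformed entry, skipped
}

if __name__ == "__main__":
    print(match_network_logs(SAMPLE_LOGS, REPORT_CONFIG))
    print(match_file_hashes(SAMPLE_INVENTORY, REPORT_HASHES))
    print(to_suricata_rule(REPORT_CONFIG, sid=1000001))
```

The C2 address and port are point-in-time indicators taken from this one sample's config; the hash matches identify only this exact file. For host-based coverage of the "Executes dropped EXE" and "Adds Run key" behaviours, pair these network and file indicators with telemetry on process creation and on writes to the HKCU/HKLM `...\CurrentVersion\Run` keys.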

MITRE ATT&CK Enterprise v15

Tasks