Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    4bab71f88a04106542ebe5ae77c59dcb98e2314f3ad50fc301ae8f454e8322c8

  • Size

    649KB

  • Sample

    230910-mbt3asgc5w

  • MD5

    47d144dfa28b31ad430b22d5ab6e9db9

  • SHA1

    6e8fd84f0e3c990526328c17b9036f3e1a70ee24

  • SHA256

    4bab71f88a04106542ebe5ae77c59dcb98e2314f3ad50fc301ae8f454e8322c8

  • SHA512

    9634b2d6e657c56f5a85fc7181655034f6a878e58da1b654e7df0d3da54301cfc411ac7af73a922d2f067dffd8518a5bbd23d0bf6eba43c1cf66a5f083093e42

  • SSDEEP

    12288:3MrLy90YnT9HK+kUdlCUWdoNHpvaxNPY6zYgnjiWTB5HZm:AyVAIlCUWmNJiVj1TXHZm

Malware Config

Extracted

Family

redline

Botnet

virad

C2

77.91.124.82:19071

Attributes
  • auth_value

    434dd63619ca8bbf10125913fb40ca28

Targets

    • Target

      4bab71f88a04106542ebe5ae77c59dcb98e2314f3ad50fc301ae8f454e8322c8

    • Size

      649KB

    • MD5

      47d144dfa28b31ad430b22d5ab6e9db9

    • SHA1

      6e8fd84f0e3c990526328c17b9036f3e1a70ee24

    • SHA256

      4bab71f88a04106542ebe5ae77c59dcb98e2314f3ad50fc301ae8f454e8322c8

    • SHA512

      9634b2d6e657c56f5a85fc7181655034f6a878e58da1b654e7df0d3da54301cfc411ac7af73a922d2f067dffd8518a5bbd23d0bf6eba43c1cf66a5f083093e42

    • SSDEEP

      12288:3MrLy90YnT9HK+kUdlCUWdoNHpvaxNPY6zYgnjiWTB5HZm:AyVAIlCUWmNJiVj1TXHZm

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks