General

  • Target: 0511382eaf984196b106692f4556af32b0c4bef9f1f4002fa0728012bfe138be
  • Size: 696KB
  • Sample: 230921-nl61aaff8z
  • MD5: c2b522f7efa7fda19f5e14f21d88f8ac
  • SHA1: 6cce421e7b2dd16ebdea11bf6f05a27a3d110325
  • SHA256: 0511382eaf984196b106692f4556af32b0c4bef9f1f4002fa0728012bfe138be
  • SHA512: 7751024b600fef0e3ac7377c8b4659e5dea00ffbed200320b00a132fdf2c32eca9c2cc77fd5edff5da16ad9feb4ae0e5f6333d9be24f4596696295e6994cf00d
  • SSDEEP: 12288:WMrSy90lw0TpNbX1ZjJu15eqx8DV+H0EZPiJSB7pecgidvQdV85Vskm5IOjtQYkm:UyCpF1pJuxx4V+H7qgpgid438rLQIOJ/

Malware Config

Extracted

  • Family: redline
  • Botnet: buben
  • C2: 77.91.124.82:19071
  • Attributes
    • auth_value: c62fa04aa45f5b78f62d2c21fcbefdec

Targets

  • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  • Executes dropped EXE
  • Adds Run key to start application
