General

  • Target

    3f46d3d7657c6346c4e31286e01f58c36e91b7b83d90bab05ce13d06bee5d4bf

  • Size

    1.1MB

  • Sample

    231116-nfskpscd6z

  • MD5

    d7b87eeedb079ef8ecefdbe3b35ba3f0

  • SHA1

    510b4f732541dc7e9de573b905d4caa06037c5e2

  • SHA256

    3f46d3d7657c6346c4e31286e01f58c36e91b7b83d90bab05ce13d06bee5d4bf

  • SHA512

    65274041ddf2ead4af7e1b87848ba7d4708fff97c383c7b7277b7d629b35cb3a6b8b328d13aa807e7c1856d3ca8dcae5af51b67d65cecbdef5b99800863d6e13

  • SSDEEP

    24576:YyypR8zly/ndgziz1gXy5ksWJwdJKgsJl6fYKp1:fypAQnbgX2kt6fYo

Malware Config

Extracted

Family

redline

Botnet

horda

C2

194.49.94.152:19053

Extracted

Family

risepro

C2

194.49.94.152
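
Both extracted configs point at the same host: RedLine (botnet "horda") with an explicit ip:port, RisePro with only an IP. The following hunt script is an added example, not part of the tria.ge report; it turns those two IOCs and the sample hashes into matchers and runs them over a constructed, tab-separated connection log (the log format, the timestamps and the second destination port 50500 are assumptions for illustration). The point it makes is that the RedLine indicator can be matched on ip+port, while the RisePro indicator can only be matched on IP, so a flow to the same host on an unexpected port is still reported, at lower confidence.

```python
"""Hunt for the C2 infrastructure and hashes from this report in a connection log.

Added example, not part of the tria.ge report. Log lines below are constructed.
"""
import ipaddress
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# IOCs copied from the extracted configs above.
REDLINE_C2 = ("194.49.94.152", 19053)   # family redline, botnet "horda"
RISEPRO_C2_IP = "194.49.94.152"          # family risepro; no port in the extracted config

# Hashes of the sample, copied from the report (MD5, SHA1, SHA256).
SAMPLE_HASHES = {
    "d7b87eeedb079ef8ecefdbe3b35ba3f0",
    "510b4f732541dc7e9de573b905d4caa06037c5e2",
    "3f46d3d7657c6346c4e31286e01f58c36e91b7b83d90bab05ce13d06bee5d4bf",
}


@dataclass(frozen=True)
class Conn:
    ts: str
    src: str
    dst: str
    dport: int
    proto: str


def parse_conn(line: str) -> Optional[Conn]:
    """Parse one tab-separated row: ts, src, dst, dport, proto (assumed log shape).

    Returns None for comment/header rows and for malformed rows, so a dirty
    log does not abort the hunt.
    """
    if not line or line.startswith("#"):
        return None
    parts = line.rstrip("\n").split("\t")
    if len(parts) != 5:
        return None
    ts, src, dst, dport, proto = parts
    try:
        ipaddress.ip_address(src)
        ipaddress.ip_address(dst)
        return Conn(ts, src, dst, int(dport), proto.lower())
    except ValueError:
        return None


def classify(conn: Conn) -> Optional[str]:
    """Label a connection with the IOC it matches, or None.

    RedLine is matched on ip+port. RisePro only has an IP in the extracted
    config, so any other port on that host is reported as a lower-confidence hit.
    """
    if conn.dst == REDLINE_C2[0] and conn.dport == REDLINE_C2[1]:
        return "redline/horda C2 (ip+port)"
    if conn.dst == RISEPRO_C2_IP:
        return "risepro C2 (ip only, port not in extracted config)"
    return None


def hunt(lines: Iterable[str]) -> List[Tuple[Conn, str]]:
    """Return every parsable connection that matches an IOC, in log order."""
    hits = []
    for line in lines:
        conn = parse_conn(line)
        if conn is None:
            continue
        label = classify(conn)
        if label:
            hits.append((conn, label))
    return hits


def hash_matches(hexdigest: str) -> bool:
    """True if a file hash (any of MD5/SHA1/SHA256, any case) is this sample."""
    return hexdigest.strip().lower() in SAMPLE_HASHES


# Constructed sample log (not from the report): a benign HTTPS flow, the RedLine
# C2 flow, a flow to the same host on an assumed port, and one malformed row.
SAMPLE_LOG = """\
#ts\tsrc\tdst\tdport\tproto
1700000001\t10.0.0.5\t93.184.216.34\t443\ttcp
1700000002\t10.0.0.5\t194.49.94.152\t19053\ttcp
1700000003\t10.0.0.5\t194.49.94.152\t50500\ttcp
garbage line
""".splitlines()


if __name__ == "__main__":
    for conn, label in hunt(SAMPLE_LOG):
        print(f"{conn.ts} {conn.src} -> {conn.dst}:{conn.dport}/{conn.proto}  {label}")
```

When run against real Zeek or firewall exports, adapt `parse_conn` to the column order of that log; the matchers themselves only depend on destination IP and port.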

Targets

    • PrivateLoader

      PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Executes dropped EXE

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks