General

  • Target

    89cc8588fdd283d65796d258d20da78cc3e96dda70483c000ab1ff1232fa5562

  • Size

    1.1MB

  • Sample

    231121-pgmlhsed35

  • MD5

    70af13c890c5081da2091516841af307

  • SHA1

    594f38460e233676ee60e09a0e7bc6e0c4dd2428

  • SHA256

    89cc8588fdd283d65796d258d20da78cc3e96dda70483c000ab1ff1232fa5562

  • SHA512

    31104d94f244cb8ad36559f88ce9226733124cfa0db10d286c716c79794695f3e791e9e16622f8741c16c1b3982fd45bd9acf0390ea4cbb6f7f6d062ad73bd8d

  • SSDEEP

    24576:CyNsrxUbbGlC5nHLNyoupccfuC7Px0riP+hniTx1Ej/N5bHFIo:pNskbNxyo3jGx0g+64zND

Malware Config

Extracted

Family

redline

Botnet

horda

C2

194.49.94.152:19053

Extracted

Family

risepro

C2

194.49.94.152

Targets

    • PrivateLoader

      PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks