General

  • Target

    0f66c11b84b409c0b2ea602dc96585f2.exe

  • Size

    953KB

  • Sample

    231126-mgsfnagg76

  • MD5

    0f66c11b84b409c0b2ea602dc96585f2

  • SHA1

    d96d7df17a0738060d4ddb10d50d60de5db79e02

  • SHA256

    ed9c56af756bffebc97edfe6ae977c42e77f5bdaeededc4a9b46186578ecdc34

  • SHA512

    aea094b27902a98c26ddef881356ae5498e83036eb05fa169b04efdb3d762f16b220523ca71994ecd5fbfd1d020f96b934f9027ae227e8c725ebc1f50d3b93b3

  • SSDEEP

    24576:AyGNQR5BuiZHHXPWFVS252rjBGS8Y5v69Nw2:HUm0iNXPCV6ISy9Nw

Malware Config

Extracted

  • Family

    redline

  • Botnet

    horda

  • C2

    194.49.94.152:19053

Extracted

  • Family

    risepro

  • C2

    194.49.94.152

Targets

    • Target

      0f66c11b84b409c0b2ea602dc96585f2.exe

    • PrivateLoader

      PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • RisePro

      RisePro stealer is an infostealer distributed by PrivateLoader.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
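
Hunting logic built from the indicators in this report, as an added example (it is not part of the tria.ge page and not the sandbox's own signature code): it takes the RedLine C2 194.49.94.152:19053, the RisePro C2 host (the report gives no port, so that rule matches on IP alone), the sample's SHA256 and the four behaviours listed under the target, and runs them over Sysmon-style JSON records. The records themselves, the field names, the list of user-writable directories, and the PROCESS_VM_OPERATION|PROCESS_VM_WRITE test used as a stand-in for SetThreadContext (which Sysmon does not log directly) are all assumptions made for the example.

```python
"""Hunt rules derived from the report's extracted config and behaviours.

Constructed example: the records in SAMPLE_LOG are made up and only imitate
Sysmon field names (EventID 1 process create, 3 network connect, 10 process
access, 13 registry value set). The heuristics are assumptions, not the
sandbox's signature logic.
"""
import json
import re
from typing import Iterable

# Indicators copied from the report's Malware Config / General sections.
REDLINE_C2 = ("194.49.94.152", 19053)       # botnet "horda"
RISEPRO_C2_IP = "194.49.94.152"             # report lists no port for RisePro
SAMPLE_SHA256 = "ed9c56af756bffebc97edfe6ae977c42e77f5bdaeededc4a9b46186578ecdc34"

# Run / RunOnce under any hive prefix ("Adds Run key to start application").
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\", re.I)
# Directories an unprivileged user can write to (assumed list, extend for your estate).
USER_WRITABLE_RE = re.compile(
    r"^[A-Z]:\\(?:Users\\[^\\]+\\AppData\\|Users\\Public\\|ProgramData\\|Windows\\Temp\\)", re.I)
# PROCESS_VM_OPERATION (0x8) | PROCESS_VM_WRITE (0x20): the rights needed to
# plant a payload in another process before SetThreadContext/ResumeThread.
VM_WRITE_MASK = 0x8 | 0x20


def _hash(event: dict, algo: str) -> str:
    """Extract one algorithm's value from a Sysmon 'Hashes' field, lower-cased."""
    for part in event.get("Hashes", "").split(","):
        name, _, value = part.partition("=")
        if name.strip().upper() == algo:
            return value.strip().lower()
    return ""


def classify(event: dict) -> list[str]:
    """Return the names of every rule the record matches (empty list if clean)."""
    hits: list[str] = []
    eid = event.get("EventID")
    if eid == 1:  # process creation
        if _hash(event, "SHA256") == SAMPLE_SHA256:
            hits.append("known_sample_executed")
        # "Executes dropped EXE": a user-writable binary spawned by another one.
        if USER_WRITABLE_RE.match(event.get("Image", "")) and \
                USER_WRITABLE_RE.match(event.get("ParentImage", "")):
            hits.append("dropped_exe_executed")
    elif eid == 3:  # network connection
        dst = (event.get("DestinationIp"), event.get("DestinationPort"))
        if dst == REDLINE_C2:
            hits.append("redline_c2_horda")
        elif dst[0] == RISEPRO_C2_IP:
            hits.append("risepro_c2_ip")
    elif eid == 10:  # process access; proxy for SetThreadContext-style injection
        granted = int(event.get("GrantedAccess", "0x0"), 16)
        src, target = event.get("SourceImage", ""), event.get("TargetImage", "")
        if (granted & VM_WRITE_MASK) == VM_WRITE_MASK and \
                USER_WRITABLE_RE.match(src) and not USER_WRITABLE_RE.match(target):
            hits.append("vm_write_into_system_process")
    elif eid == 13:  # registry value set
        value = event.get("Details", "").strip('"')
        if RUN_KEY_RE.search(event.get("TargetObject", "")) and USER_WRITABLE_RE.match(value):
            hits.append("run_key_user_writable_path")
    return hits


def hunt(lines: Iterable[str]) -> list[tuple[int, list[str]]]:
    """Classify JSON-lines records; return (record number, hits) for each record that fires."""
    findings: list[tuple[int, list[str]]] = []
    n = 0
    for line in lines:
        line = line.strip()
        if not line:
            continue
        n += 1
        hits = classify(json.loads(line))
        if hits:
            findings.append((n, hits))
    return findings


# Constructed records (not a real capture). Record 4 shows the sample writing
# into a system .NET host; records 5 and 6 are the two C2 contacts.
SAMPLE_LOG = r"""
{"EventID": 1, "Image": "C:\\Users\\Public\\0f66c11b84b409c0b2ea602dc96585f2.exe", "ParentImage": "C:\\Windows\\explorer.exe", "Hashes": "SHA256=ED9C56AF756BFFEBC97EDFE6AE977C42E77F5BDAEEDEDC4A9B46186578ECDC34"}
{"EventID": 1, "Image": "C:\\Users\\vic\\AppData\\Local\\Temp\\dropped.exe", "ParentImage": "C:\\Users\\Public\\0f66c11b84b409c0b2ea602dc96585f2.exe", "Hashes": "SHA256=0000000000000000000000000000000000000000000000000000000000000000"}
{"EventID": 13, "TargetObject": "HKU\\S-1-5-21-1-2-3-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\dropped", "Details": "C:\\Users\\vic\\AppData\\Local\\Temp\\dropped.exe"}
{"EventID": 10, "SourceImage": "C:\\Users\\Public\\0f66c11b84b409c0b2ea602dc96585f2.exe", "TargetImage": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegAsm.exe", "GrantedAccess": "0x1FFFFF"}
{"EventID": 3, "Image": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\RegAsm.exe", "DestinationIp": "194.49.94.152", "DestinationPort": 19053}
{"EventID": 3, "Image": "C:\\Users\\vic\\AppData\\Local\\Temp\\dropped.exe", "DestinationIp": "194.49.94.152", "DestinationPort": 8080}
{"EventID": 3, "Image": "C:\\Program Files\\Mozilla Firefox\\firefox.exe", "DestinationIp": "93.184.216.34", "DestinationPort": 443}
{"EventID": 13, "TargetObject": "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\SecurityHealth", "Details": "C:\\Windows\\system32\\SecurityHealthSystray.exe"}
"""

if __name__ == "__main__":
    for n, hits in hunt(SAMPLE_LOG.splitlines()):
        print(f"record {n}: {', '.join(hits)}")
```

Running the block prints one line per firing record; the benign Firefox connection and the Run entry that points into C:\Windows stay silent. The RisePro rule is deliberately broad because the report only names the host; if your telemetry shows a stable port, tighten it the way the RedLine rule already is.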
