Analysis

  • max time kernel
    288s
  • max time network
    303s
  • platform
    windows10-1703_x64
  • resource
    win10-20231023-en
  • resource tags

    arch:x64, arch:x86, image:win10-20231023-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    11/12/2023, 04:53

General

  • Target

    49fe76a8a8986e9c1f1edb8f179390e4ae8a4555a2f2dca3bd4b70c1f6d3755b.exe

  • Size

    401KB

  • MD5

    45c5b4028ba62a3f47f659dabff153f5

  • SHA1

    1af6fddceeec32244f7b949bcdaa0030c80787d2

  • SHA256

    49fe76a8a8986e9c1f1edb8f179390e4ae8a4555a2f2dca3bd4b70c1f6d3755b

  • SHA512

    71e23dedc50220a6bd9b7b9cd8a9ff39ffca38e5e8b66633897c72a9960ee82f7d643c45c75b980486b731d3a6be0cfeb79f770c90190044e7a4aedfbf764049

  • SSDEEP

    6144:oYyBitWBxQ5y22AO/OlWSMBiAv1Zw7gIUIHrYaNr3lwp3m:oFBitEVI/RAiURIH7B3mp3m

Malware Config

Extracted

Family

redline

Botnet

LiveTraffic

C2

195.10.205.16:2245

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

  • RedLine payload 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\49fe76a8a8986e9c1f1edb8f179390e4ae8a4555a2f2dca3bd4b70c1f6d3755b.exe
    "C:\Users\Admin\AppData\Local\Temp\49fe76a8a8986e9c1f1edb8f179390e4ae8a4555a2f2dca3bd4b70c1f6d3755b.exe"
    PID: 4264

    Downloads

    • memory/4264-0-0x0000000000060000-0x000000000009C000-memory.dmp

      Filesize

      240KB

    • memory/4264-5-0x0000000073790000-0x0000000073E7E000-memory.dmp

      Filesize

      6.9MB

    • memory/4264-6-0x00000000074C0000-0x00000000079BE000-memory.dmp

      Filesize

      5.0MB

    • memory/4264-7-0x00000000070A0000-0x0000000007132000-memory.dmp

      Filesize

      584KB

    • memory/4264-8-0x00000000026A0000-0x00000000026B0000-memory.dmp

      Filesize

      64KB

    • memory/4264-9-0x0000000007060000-0x000000000706A000-memory.dmp

      Filesize

      40KB

    • memory/4264-10-0x0000000008550000-0x0000000008B56000-memory.dmp

      Filesize

      6.0MB

    • memory/4264-12-0x0000000008460000-0x0000000008472000-memory.dmp

      Filesize

      72KB

    • memory/4264-13-0x00000000084C0000-0x00000000084FE000-memory.dmp

      Filesize

      248KB

    • memory/4264-11-0x0000000009CA0000-0x0000000009DAA000-memory.dmp

      Filesize

      1.0MB

    • memory/4264-14-0x0000000008500000-0x000000000854B000-memory.dmp

      Filesize

      300KB

    • memory/4264-15-0x0000000073790000-0x0000000073E7E000-memory.dmp

      Filesize

      6.9MB

    • memory/4264-16-0x00000000026A0000-0x00000000026B0000-memory.dmp

      Filesize

      64KB