Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    1e77d802493fdc0dbe069b24d16af26b

  • Size

    2.3MB

  • Sample

    231225-pphyasbgfj

  • MD5

    1e77d802493fdc0dbe069b24d16af26b

  • SHA1

    13dcdf0a5c135865f5154f7b6a7afdcbd44e18c7

  • SHA256

    019960c087dbaca50dd404d594ba2735b146ed708b01de3290442872f6ec8fab

  • SHA512

    ad17a897988717e4fa11bc263d7a7a02ba93b02db5e260c2306353bd77e15086d34f1a92d83f2a42cf7d8ec603f1b4147714e6df03597c9e4001ca03168ec9fc

  • SSDEEP

    49152:M5+hFOYoKNA2AFktKu0+lVUkXFQ92sI9RzQNlWscseCxxiz8lVHTIioOFZQ+n:M5aFOWNA7ktZ7UkXK9dAuNlHc58xiqZr

Malware Config

Extracted

Family

redline

Botnet

@Lolajetyk

C2

45.14.49.109:21295

Targets

    • Target

      1e77d802493fdc0dbe069b24d16af26b

    • Size

      2.3MB

    • MD5

      1e77d802493fdc0dbe069b24d16af26b

    • SHA1

      13dcdf0a5c135865f5154f7b6a7afdcbd44e18c7

    • SHA256

      019960c087dbaca50dd404d594ba2735b146ed708b01de3290442872f6ec8fab

    • SHA512

      ad17a897988717e4fa11bc263d7a7a02ba93b02db5e260c2306353bd77e15086d34f1a92d83f2a42cf7d8ec603f1b4147714e6df03597c9e4001ca03168ec9fc

    • SSDEEP

      49152:M5+hFOYoKNA2AFktKu0+lVUkXFQ92sI9RzQNlWscseCxxiz8lVHTIioOFZQ+n:M5aFOWNA7ktZ7UkXK9dAuNlHc58xiqZr

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks