General

  • Target

    1f087215932979f2ee843abc4ba51d10

  • Size

    1.3MB

  • Sample

    231230-2tbq1afdhp

  • MD5

    1f087215932979f2ee843abc4ba51d10

  • SHA1

    c4b5b07b0bc22485f630fae62c8bf9f079de84ec

  • SHA256

    f9d998739161423a8e526158d540bf631f31590ae34d52789d44bf365a7a3f54

  • SHA512

    099dd2dd7a0e03cf91d9948fe5b92c01d790de60b54a6fd01ac98a7642741f91d1385fafd73fc4bccd6ea1a309435536a0221c61403db2cb3bd916086f39eab5

  • SSDEEP

    12288:DmM4E0htYa98ETR8eSa0NV/2zDwLpA5ApAu3OZP7Caok/LCF0m:DNY

Malware Config

Extracted

Family

redline

Botnet

@trizzych

C2

ierinapu.xyz:80

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks