General

  • Target

    1359e8e8465082ba0c2c051f037f0bdc

  • Size

    233KB

  • Sample

    231230-kbge4acec5

  • MD5

    1359e8e8465082ba0c2c051f037f0bdc

  • SHA1

    5311c8e18bd084496422f991918a94e51ac5a6fa

  • SHA256

    e7249531617d5c58435be5fbd56c54405de6f5b02aff81d12989ed69d08fbd7e

  • SHA512

    5947da753d6ff6ab600d39f86f384221df78615f452b541331c623d12f916d2c054008e922e4e35f459b1c55b826ff6c353405fc96d8be01bd2879c454c5e014

  • SSDEEP

    6144:5gvZ4ZAOA4pE9xk4r+8Sh6wpV2dcP3TEhcfNWHxck:5gvZ4ZAopEHSmmxP3VfCxck

Malware Config

Extracted

Family

redline

Botnet

birzha2

C2

46.8.19.196:53773
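The extracted configuration above gives the two indicators a defender actually acts on: the file hashes (for matching the dropped sample) and the C2 endpoint (for matching network telemetry). The following is an added example of an IOC sweep over both, written for this page; it is not tria.ge code. The flow-log line format and the flows themselves are constructed for illustration; only the hashes and the C2 address/port come from the report.

```python
import hashlib
import re

# Indicators copied from the sandbox report above.
REPORT_HASHES = {
    "md5": "1359e8e8465082ba0c2c051f037f0bdc",
    "sha1": "5311c8e18bd084496422f991918a94e51ac5a6fa",
    "sha256": "e7249531617d5c58435be5fbd56c54405de6f5b02aff81d12989ed69d08fbd7e",
}
C2_HOST = "46.8.19.196"
C2_PORT = 53773


def file_hashes(data: bytes) -> dict:
    """Return md5/sha1/sha256 hex digests of a file's bytes, matching the report's fields."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_report_sample(data: bytes) -> bool:
    """Exact-match check against the report. SHA256 is the authoritative field;
    MD5 and SHA1 are only kept for cross-referencing feeds that still key on them."""
    return file_hashes(data)["sha256"] == REPORT_HASHES["sha256"]


# Constructed flow-log format (hypothetical, not any real sensor's output):
#   <timestamp> <src_ip>:<src_port> -> <dst_ip>:<dst_port> <proto>
FLOW_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>[\d.]+):(?P<sport>\d+) -> "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) (?P<proto>\w+)$"
)


def find_c2_connections(lines, host_only=False):
    """Return (timestamp, source_ip) for every flow to the report's C2.

    The port in a RedLine build is chosen by the operator, so host_only=True
    widens the match to any port on the C2 host."""
    hits = []
    for line in lines:
        m = FLOW_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than fail the whole sweep
        if m["dst"] != C2_HOST:
            continue
        if host_only or int(m["dport"]) == C2_PORT:
            hits.append((m["ts"], m["src"]))
    return hits


# Constructed sample flows; 203.0.113.5 is a documentation address.
SAMPLE_FLOWS = [
    "2023-12-30T10:15:02Z 10.0.0.12:49812 -> 46.8.19.196:53773 TCP",
    "2023-12-30T10:15:05Z 10.0.0.12:49813 -> 203.0.113.5:443 TCP",
    "2023-12-30T10:16:11Z 10.0.0.15:51022 -> 46.8.19.196:80 TCP",
    "garbage line that does not parse",
]

if __name__ == "__main__":
    print(find_c2_connections(SAMPLE_FLOWS))
    print(find_c2_connections(SAMPLE_FLOWS, host_only=True))
```

With the default port match only the first constructed flow is reported; with host_only=True the flow to port 80 on the same host is reported as well, which is the right default when an operator may have rebuilt the stealer with a different port.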

Targets

    • Target

      1359e8e8465082ba0c2c051f037f0bdc

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Suspicious use of SetThreadContext

      SetThreadContext lets one process rewrite the register state, including the instruction pointer, of a thread in another process. Following a child created with CREATE_SUSPENDED and writes into that child with WriteProcessMemory, it is the step of classic process hollowing that points the suspended thread at the injected payload before ResumeThread.
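The SetThreadContext signature is only meaningful in context: debuggers and some legitimate runtimes call it too, and what makes it an injection indicator is the surrounding sequence. The following is an added example, written for this page and not tria.ge's own signature logic, of an API-trace classifier that looks for the ordered hollowing sequence (suspended create, remote write, SetThreadContext, resume) per injector/target pair. The trace line format and the trace itself are constructed; the CREATE_SUSPENDED value is the documented Win32 flag.

```python
from collections import defaultdict

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit in CreateProcess*


def parse_trace_line(line):
    """Parse one constructed 'key=value key=value' trace line into a dict."""
    ev = dict(tok.split("=", 1) for tok in line.split())
    ev["pid"] = int(ev["pid"])          # injecting process
    ev["target"] = int(ev["target"])    # process being acted on
    ev["flags"] = int(ev.get("flags", "0"), 16)
    return ev


# The four steps of classic process hollowing, in the order they must occur.
# Each predicate decides whether a trace event satisfies that step.
HOLLOWING_STEPS = [
    ("create suspended",
     lambda e: e["api"].startswith("CreateProcess") and e["flags"] & CREATE_SUSPENDED),
    ("write remote memory",
     lambda e: e["api"] in ("WriteProcessMemory", "NtWriteVirtualMemory")),
    ("redirect entry point",
     lambda e: e["api"] in ("SetThreadContext", "NtSetContextThread")),
    ("resume thread",
     lambda e: e["api"] in ("ResumeThread", "NtResumeThread")),
]


def classify(events):
    """Walk one (injector, target) event stream and return a verdict string.

    Steps must be matched in order; a SetThreadContext that is not preceded by
    a suspended create and a remote write is reported separately at lower confidence."""
    step = 0
    saw_setctx = False
    for e in events:
        if HOLLOWING_STEPS[2][1](e):
            saw_setctx = True
        if step < len(HOLLOWING_STEPS) and HOLLOWING_STEPS[step][1](e):
            step += 1
    if step == len(HOLLOWING_STEPS):
        return "process_hollowing"
    if saw_setctx:
        return "setthreadcontext_only"
    return "benign"


def detect_hollowing(trace_lines):
    """Group trace events by (injector pid, target pid) and classify each group."""
    groups = defaultdict(list)
    for line in trace_lines:
        ev = parse_trace_line(line)
        groups[(ev["pid"], ev["target"])].append(ev)
    return {key: classify(evs) for key, evs in groups.items()}


# Constructed trace: one full hollowing sequence, one bare SetThreadContext
# (debugger-like), and one ordinary child process launch.
SAMPLE_TRACE = [
    "pid=4120 api=CreateProcessW target=5532 flags=0x00000004",
    "pid=4120 api=NtUnmapViewOfSection target=5532",
    "pid=4120 api=VirtualAllocEx target=5532",
    "pid=4120 api=WriteProcessMemory target=5532",
    "pid=4120 api=WriteProcessMemory target=5532",
    "pid=4120 api=SetThreadContext target=5532",
    "pid=4120 api=ResumeThread target=5532",
    "pid=2200 api=CreateProcessW target=3100 flags=0x00000000",
    "pid=2200 api=SetThreadContext target=3100",
    "pid=900 api=CreateProcessW target=1001 flags=0x00000000",
]

if __name__ == "__main__":
    for key, verdict in detect_hollowing(SAMPLE_TRACE).items():
        print(key, verdict)
```

The unmap and allocate calls in the trace are ignored on purpose: they vary between loaders, while the suspended create, the remote write and the context rewrite are what every hollowing variant has to do. Keying on the ordered sequence rather than on SetThreadContext alone is what keeps a debugger attaching to a running process out of the high-confidence bucket.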
