General

  • Target: 2115abb3b850a690a74ea252deaa710a
  • Size: 622KB
  • Sample: 231231-aeafvacha6
  • MD5: 2115abb3b850a690a74ea252deaa710a
  • SHA1: 8e42491122339c022ee5c6cac17e547bfabd4e2a
  • SHA256: bb2a56b2d08dfd580aa7918d7f1f844959bee7f3b868488c5e2e932c9885ec32
  • SHA512: 46e7f52f903591edad5d346312581a4d241c2fa8c2ae0760a2f469946f699475ef6956be71aba55659226d93a48574b59d19760412c2d32590e3a826d9c5757c
  • SSDEEP: 12288:iFQXX1C7b94xV/sJI7nD68b618g6ggEfzDehxTjUZW2H82h:CIOsRnDg

Malware Config (extracted)

  • Family: redline
  • Botnet: NORMAN2
  • C2: 45.14.49.184:27587

Targets

    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • SectopRAT: SectopRAT is a remote access trojan first seen in November 2019.
    • SectopRAT payload
    • Suspicious use of SetThreadContext
