General

  • Target: 25061f7c5f6cba19b00ba46c684bb5dd
  • Size: 1.2MB
  • Sample: 231231-c89txaced5
  • MD5: 25061f7c5f6cba19b00ba46c684bb5dd
  • SHA1: d313a669b26395b13e5197e186ba5a9dd79579ae
  • SHA256: 73dc45d12cbf0b6e8f2f6a439c7bf4da5b4ec51504690db81fee39adb0edd1b4
  • SHA512: ef6dc57b5caf84b0914b790a7c599a0b567477a9a297f18b5895b8afefbb3697fb705d72d69b66faf26bfbc90497b4f7af921aaae8ab9fd659d50484e953dd70
  • SSDEEP: 6144:sFxb4HalkX/5Okcxpny0mjn/db2xPGnDq3cUkxChx4ZfAb7nC0WEG05iTeBWT:wxbYcxpy0mjn/NC0MkxChx4S95dBWT

Malware Config

Extracted

  • Family: redline
  • Botnet: ruzkii
  • C2: verecalina.xyz:80

Targets

    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • SectopRAT: SectopRAT is a remote access trojan first seen in November 2019.
    • SectopRAT payload
    • Suspicious use of SetThreadContext
