General

  • Target

    2a96b4fac36efb0df7930f7fe19b9b6a

  • Size

    309KB

  • Sample

    231231-gg399sbaa6

  • MD5

    2a96b4fac36efb0df7930f7fe19b9b6a

  • SHA1

    9bbc377eeb1f58002cfea817f78efa91b16e85ec

  • SHA256

    be2d3b6889b9ca8882be65aff3224179df54c0599b2fad90bdb55e211024472e

  • SHA512

    82ad01d52c443e62463a3140aded6b473c6dfdc03dd56609f67024b32bd37a8945131e0a7077855f59249da56994633e389a71c57d259c1d12c7ff04a5b3b8f4

  • SSDEEP

    3072:nJJh6BbCqA4w//xQwRti4LT8yf6905sd1MvfN2FjGVr51VXNmfV8XBJ3dAQ:fkXAD2qDLKDyfN2ZgrTV9mfVSXdA

Malware Config

Extracted

  • Family

    redline

  • Botnet

    @DashyKnight

  • C2

    80.89.229.97:7479

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks