General

  • Target

    4692f2846bec49834f1f7883b3c34f69.exe

  • Size

    173KB

  • Sample

    240103-ryrynshba3

  • MD5

    4692f2846bec49834f1f7883b3c34f69

  • SHA1

    82dd9581d723545a09e38aa651c55e4853c50539

  • SHA256

    61cc47e693b47ffb398d588d9a8253aac9fd9c3e231df6a80478b49d5fc61bad

  • SHA512

    04ace52e0fc8901b4a13d9b1d5610df75c2b205fc0d1515ba2027256bb4ceb0606d8dadc69cc955b0705e6fc2d70a8a90d28425fdae2c40f59af46582ab50f4e

  • SSDEEP

    3072:hqZ2UAWRpsO446o6//CAa8RivuNR/zM2RkKz1:hq4Unrqc6/WDvuZ11

Malware Config

Extracted

  • Family

    redline

  • Botnet

    rich

  • C2

    91.121.146.23:9519

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Suspicious use of SetThreadContext
