General

  • Target

    e79c0eb23a7f154e18d9ad0c6ebeda3e_JaffaCakes118

  • Size

    605KB

  • Sample

    240408-q7vv9aaf52

  • MD5

    e79c0eb23a7f154e18d9ad0c6ebeda3e

  • SHA1

    e44f16dfe0d63f1d758e60bae3622fca8e834e97

  • SHA256

    64af392e3667f1261aeb70ae530c4e47af1ba01834b3c6da9e4eeee89cd206c6

  • SHA512

    73908bd86c8bd90b10e288554fe1e89444bc38a1fa181b711d43f20fda06736e91ace7ff429488adc0d79f196f9d2b1e7cab11542706a021a9ed0790672dcf2f

  • SSDEEP

    12288:iaalveqz2Uxibc9fKu0Jy5+ihyqqe0RYqojEYIw8VEOksYzvY:0vY

Malware Config

Extracted

Family

redline

Botnet

@gulkav

C2

vivesemoss.xyz:80

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks