General

  • Target

    4097f39b2f4df3413e17f2edde16ef80_NeikiAnalytics

  • Size

    479KB

  • Sample

    240510-w136yaah6s

  • MD5

    4097f39b2f4df3413e17f2edde16ef80

  • SHA1

    87034f08e1d3d5a39d2c9b1ee55de70ab782b9e3

  • SHA256

    66821762b2a591d0a9feba7726e852660e185a1f158f742fc459ee129cad4226

  • SHA512

    9a655ad0d7381e050006f6468d68aee3534e5205b7ebed9c79a9aa51fc0a5f5849aecd1186c39b9fa7c6990f61eb77b3a3e8dc07064688cc3331efaec05d9712

  • SSDEEP

    12288:YMrcy90XjE0KA0o4heYFe86n5xXT2ayW93iD:UygL0YY4Lj2aeD

Malware Config

Extracted

Family

redline

Botnet

dumud

C2

217.196.96.101:4132

Attributes

  • auth_value

    3e18d4b90418aa3e78d8822e87c62f5c

Targets

    • Target

      4097f39b2f4df3413e17f2edde16ef80_NeikiAnalytics

    • Size

      479KB

    • MD5

      4097f39b2f4df3413e17f2edde16ef80

    • SHA1

      87034f08e1d3d5a39d2c9b1ee55de70ab782b9e3

    • SHA256

      66821762b2a591d0a9feba7726e852660e185a1f158f742fc459ee129cad4226

    • SHA512

      9a655ad0d7381e050006f6468d68aee3534e5205b7ebed9c79a9aa51fc0a5f5849aecd1186c39b9fa7c6990f61eb77b3a3e8dc07064688cc3331efaec05d9712

    • SSDEEP

      12288:YMrcy90XjE0KA0o4heYFe86n5xXT2ayW93iD:UygL0YY4Lj2aeD

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks