Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

127f004aa5...a6.exe

windows7-x64

10

127f004aa5...a6.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    127f004aa520d389ab754125c7d87370324268d4f69564e9007f38496bceb8a6.exe

  • Size

    556KB

  • Sample

    240726-sseltswckn

  • MD5

    f0069a191eadd5025d83987fea4f30a2

  • SHA1

    c7d36631d43d029554434fa85607fab7c9a7f45a

  • SHA256

    127f004aa520d389ab754125c7d87370324268d4f69564e9007f38496bceb8a6

  • SHA512

    e820f2595e7d389794ef0ebd1b6606c0093085c745d7009831006e267ba316af1aae4fcf5868d1d3d23d5adb16570ab4c06c54997e1b13082eb538b98e73853d

  • SSDEEP

    12288:nglfloOJRYWq9DcElgYP4krKTIG/YZRIIhqsDGK30oQup4AHz:etoOJbWcIgYgkWZYL9tkqnz

Score
10/10
redlinesectopratrolydiscoveryexecutioninfostealerrattrojan

Malware Config

Extracted

Family

redline

Botnet

Roly

C2

91.92.248.117:65012

Targets

    • Target

      127f004aa520d389ab754125c7d87370324268d4f69564e9007f38496bceb8a6.exe

    • Size

      556KB

    • MD5

      f0069a191eadd5025d83987fea4f30a2

    • SHA1

      c7d36631d43d029554434fa85607fab7c9a7f45a

    • SHA256

      127f004aa520d389ab754125c7d87370324268d4f69564e9007f38496bceb8a6

    • SHA512

      e820f2595e7d389794ef0ebd1b6606c0093085c745d7009831006e267ba316af1aae4fcf5868d1d3d23d5adb16570ab4c06c54997e1b13082eb538b98e73853d

    • SSDEEP

      12288:nglfloOJRYWq9DcElgYP4krKTIG/YZRIIhqsDGK30oQup4AHz:etoOJbWcIgYgkWZYL9tkqnz

    Score
    10/10
    redlinesectopratrolydiscoveryexecutioninfostealerrattrojan

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

      trojanratsectoprat

    • SectopRAT payload

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks