General

  • Target

    cff8b3ec4f738a35ce344f37ef7fad2e_JaffaCakes118

  • Size

    427KB

  • Sample

    240906-t2k1mswfrr

  • MD5

    cff8b3ec4f738a35ce344f37ef7fad2e

  • SHA1

    e6bd276f3357f448aae5f8e7ffaa3e224878c521

  • SHA256

    a9da6842a63ccf687356ae2edf7719e8179bba25c7e8b768073f9ed53b44ef0d

  • SHA512

    181937409b7606f7488225ce2820969d7805c514609e39f304e4339a03bc65dfc9e18b9dc794901cf6949d5c33e9fce516426a389f4dd441c44c83ea262fdf60

  • SSDEEP

    6144:TReYcuJPlpLr94w6vTZ2oyfmi+/ZAOLofMOtQjW1qDjTTpOzglh3ZnY1Yif:TgYcuJPlpLx4Dp/ZlGtQjWE/TCE0Yi

Malware Config

Extracted

  • Family

    redline

  • Botnet

    @bebrik12333

  • C2

    193.32.164.63:3172
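The extracted configuration above gives the two indicators worth operationalising: the C2 endpoint and the botnet tag. The following is an added example (not part of the tria.ge report or its tooling) that parses the `ip:port` C2 string defensively, sweeps it against connection logs, and emits a Suricata rule tagged with the botnet ID. The firewall log lines, the `fw01` host name, the internal addresses and the rule `sid` are constructed for illustration; only the C2 value and the botnet tag are taken from the report.

```python
"""Sweep connection logs for the RedLine C2 extracted in the report above.

Added example, not part of the tria.ge report. The log lines, field layout,
host names and sid below are constructed for illustration; only the C2 value
and the botnet tag come from the report.
"""
import ipaddress
import re
from dataclasses import dataclass

# Values taken from the report's "Malware Config" section.
REDLINE_C2 = "193.32.164.63:3172"
REDLINE_BOTNET = "@bebrik12333"


@dataclass(frozen=True)
class C2:
    ip: ipaddress.IPv4Address
    port: int


def parse_c2(value: str) -> C2:
    """Parse a RedLine 'ip:port' C2 string.

    Rejects anything that is not a valid IPv4 address plus TCP port, so a
    malformed config line cannot silently turn into a rule that matches
    nothing (or, worse, matches far too much)."""
    host, sep, port = value.rpartition(":")
    if not sep or not port.isdigit():
        raise ValueError(f"bad C2 string: {value!r}")
    port_num = int(port)
    if not 1 <= port_num <= 65535:
        raise ValueError(f"port out of range: {port_num}")
    return C2(ipaddress.IPv4Address(host), port_num)


# Constructed firewall log lines (syslog-style key=value). Not from the report.
SAMPLE_LOGS = """\
2024-09-06T13:02:11Z fw01 action=allow proto=tcp src=10.0.4.21 spt=51022 dst=193.32.164.63 dpt=3172
2024-09-06T13:02:12Z fw01 action=allow proto=tcp src=10.0.4.21 spt=51023 dst=142.250.74.206 dpt=443
2024-09-06T13:02:15Z fw01 action=deny proto=tcp src=10.0.7.9 spt=49888 dst=193.32.164.63 dpt=3172
2024-09-06T13:02:16Z fw01 action=allow proto=tcp src=10.0.4.21 spt=51024 dst=193.32.164.63 dpt=443
2024-09-06T13:02:20Z fw01 action=allow proto=udp src=10.0.4.21 spt=5353 dst=224.0.0.251 dpt=5353
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) action=(?P<action>\w+) proto=(?P<proto>\w+) "
    r"src=(?P<src>\S+) spt=(?P<spt>\d+) dst=(?P<dst>\S+) dpt=(?P<dpt>\d+)$"
)


def find_c2_connections(logs: str, c2: C2) -> list[dict]:
    """Return parsed records whose destination is exactly the C2 ip:port.

    Denied connections are kept as well: a blocked attempt still identifies
    which internal host is running the stealer. Traffic to the same IP on a
    different port is deliberately not matched."""
    hits = []
    for line in logs.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the expected layout
        rec = m.groupdict()
        if (
            rec["proto"] == "tcp"
            and ipaddress.ip_address(rec["dst"]) == c2.ip
            and int(rec["dpt"]) == c2.port
        ):
            hits.append(rec)
    return hits


def infected_hosts(logs: str, c2: C2) -> set[str]:
    """Internal source IPs that contacted the C2, for scoping the response."""
    return {rec["src"] for rec in find_c2_connections(logs, c2)}


def suricata_rule(c2: C2, sid: int, botnet: str) -> str:
    """Build a Suricata/Snort-style rule for outbound traffic to the C2.

    The sid is a local (hypothetical) choice; the msg carries the botnet tag
    so an alert can be tied back to this report."""
    return (
        f"alert tcp $HOME_NET any -> {c2.ip} {c2.port} "
        f'(msg:"RedLine C2 traffic botnet {botnet}"; flow:to_server; '
        f"classtype:trojan-activity; sid:{sid}; rev:1;)"
    )


if __name__ == "__main__":
    c2 = parse_c2(REDLINE_C2)
    for rec in find_c2_connections(SAMPLE_LOGS, c2):
        print(rec["ts"], rec["action"], rec["src"], "->", f"{rec['dst']}:{rec['dpt']}")
    print("infected:", sorted(infected_hosts(SAMPLE_LOGS, c2)))
    print(suricata_rule(c2, 9000001, REDLINE_BOTNET))
```

Matching on the full `ip:port` pair rather than the IP alone keeps the sweep precise; the constructed logs include a 443 connection to the same address to show that it is ignored, while the denied attempt from a second host is still reported because it scopes the infection.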

Targets

    • Target

      cff8b3ec4f738a35ce344f37ef7fad2e_JaffaCakes118

    • Size

      427KB

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Suspicious use of SetThreadContext

      SetThreadContext lets a process overwrite the register state, including the instruction pointer, of a thread in another process. Calling it on a thread of a freshly created suspended process is the classic final step of process hollowing, where an injected payload is made to run under the name of a legitimate image.

MITRE ATT&CK Enterprise v15

Tasks