Resubmissions

05/10/2024, 17:58

241005-wkfeyaybkl 10

General

  • Target

    FoxGPT.exe

  • Size

    11.7MB

  • Sample

    241005-wkfeyaybkl

  • MD5

    70ae44c33f2bc89e0b1aa4c1e616579d

  • SHA1

    996071535f9ced7df27e676a96a41c4887dd285f

  • SHA256

    b761861f7b9817ca62cf48c54f304631c90922bf8760de3724c63e4f067dd542

  • SHA512

    d5922b50e5a290ae9fd49270d8c68dc51e32929d9f67bef4e84a0a27f34997949eeaa5d20a353de04848dee96850a205cb44a6eaf12bc30ee37c28e49547628c

  • SSDEEP

    196608:chgRB5tz81kUt6UxwDyIgOxJia1xR2F6+x9yfKDDGdTq1JLZcdxD:cm9O6U4yIgCJiU2DbDrJLZy

Malware Config

Extracted

Family

redline

Botnet

SpotifyChecker2

C2

172.205.128.102:1912

Targets

    • Target

      FoxGPT.exe

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

MITRE ATT&CK Enterprise v15