General

  • Target

    0fb9a3f942f565d4a80bc0995667cef998f47d8926da379f55d00fb6dd26a65b

  • Size

    539KB

  • Sample

    241111-b1brgazekg

  • MD5

    c0d0d1be7fff86b4740e0178ce7b6cc0

  • SHA1

    484370efb3a4d407025505bf50de5e920c3231b0

  • SHA256

    0fb9a3f942f565d4a80bc0995667cef998f47d8926da379f55d00fb6dd26a65b

  • SHA512

    f25adbebe3dee60dfae9cfacfee26039a7e78b1bcacbe1a0d1132857975e3f0893888cceba225fa8152c69507e432c57bc753aff0bd3f94a8cd030b0c6e62686

  • SSDEEP

    12288:VMrhy90B+aZAJPu/sY/wzLeqjR7NDUtMF7u3G2ag0oev:cy7P6ILeqjByEc2g01

Malware Config

Extracted

  • Family

    redline

  • Botnet

    fuka

  • C2

    193.233.20.11:4131

  • Attributes

      • auth_value

        90eef520554ef188793d77ecc34217bf

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks