Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    a654bb4ea84b0672f08f8f55446768cbd19cb6591d24083c52dad79cc8435f23

  • Size

    479KB

  • Sample

    241111-bm6dxszcjg

  • MD5

    c8874dfad5b5c66af668c96187e6442e

  • SHA1

    ba160bd09471aaf8aaadb000c23887debec44db1

  • SHA256

    a654bb4ea84b0672f08f8f55446768cbd19cb6591d24083c52dad79cc8435f23

  • SHA512

    28d5e312dce7828a792f0bc124b3f56ea02595083c3af7e671d1d0e9ef932a11d8173b0e4afcaae5b9b51e19be0549bbaadc9e27bcaeb3c725eb664721ab2e7c

  • SSDEEP

    12288:RMr7y90WBAsZriQ6EEG8HY+iL7v6aRWqu8JuV/xXW:ayzAsZm9g84Tj6k1FJuV/xXW

Malware Config

Extracted

Family

redline

Botnet

divan

C2

217.196.96.102:4132

Attributes
  • auth_value

    b414986bebd7f5a3ec9aee0341b8e769

Targets

    • Target

      a654bb4ea84b0672f08f8f55446768cbd19cb6591d24083c52dad79cc8435f23

    • Size

      479KB

    • MD5

      c8874dfad5b5c66af668c96187e6442e

    • SHA1

      ba160bd09471aaf8aaadb000c23887debec44db1

    • SHA256

      a654bb4ea84b0672f08f8f55446768cbd19cb6591d24083c52dad79cc8435f23

    • SHA512

      28d5e312dce7828a792f0bc124b3f56ea02595083c3af7e671d1d0e9ef932a11d8173b0e4afcaae5b9b51e19be0549bbaadc9e27bcaeb3c725eb664721ab2e7c

    • SSDEEP

      12288:RMr7y90WBAsZriQ6EEG8HY+iL7v6aRWqu8JuV/xXW:ayzAsZm9g84Tj6k1FJuV/xXW

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks