General

  • Target

    3481ffb7a478ee0108aa887764f7684a0203a03712b92c77ba385ea73f8e5f26

  • Size

    479KB

  • Sample

    241111-cdz18ayrbt

  • MD5

    c3bee8f6205cea445b6d4bff688a7c86

  • SHA1

    2e60eb8161dd24c073d73b62cf485dcee00cd6e3

  • SHA256

    3481ffb7a478ee0108aa887764f7684a0203a03712b92c77ba385ea73f8e5f26

  • SHA512

    d21b03111b0e70397b5af9e94c47060adca3e58f56898d6416777ff6691753b6e2a2f2f6f9f84121a5f5207ac1bdff3d918fc3016d957e353d953bab484f28e1

  • SSDEEP

    6144:Khy+bnr+Mp0yN90QEBsBdsFepZkeP93bUjqodCOcKyBIv1ijn0t8TlXwIpxZ54UW:DMrYy90bsBeKgdqKyU9t8xXwyrHWJLl

Malware Config

Extracted

Family

redline

Botnet

ditro

C2

217.196.96.101:4132

Attributes

  • auth_value

    8f24ed370a9b24aa28d3d634ea57912e
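A quick way to put the indicators in this report to work. The script below is an added example and is not part of the Triage report or of the sandbox's own tooling: it checks a local file's digests against the hashes listed above, turns the extracted C2 socket into a Suricata rule, and scans connection-log lines for the beacon destination. The flow-log lines, the rule SID and the log line format are constructed for the example; the SSDEEP value is not compared because fuzzy hashing needs a third-party library.

```python
import hashlib
import ipaddress
import re

# IOCs transcribed from the report above (the sample's digests and the
# extracted RedLine C2). Everything else in this block is constructed.
REPORT_IOCS = {
    "md5": "c3bee8f6205cea445b6d4bff688a7c86",
    "sha1": "2e60eb8161dd24c073d73b62cf485dcee00cd6e3",
    "sha256": "3481ffb7a478ee0108aa887764f7684a0203a03712b92c77ba385ea73f8e5f26",
    "sha512": "d21b03111b0e70397b5af9e94c47060adca3e58f56898d6416777ff6691753b6e2a2f2f6f9f84121a5f5207ac1bdff3d918fc3016d957e353d953bab484f28e1",
    "c2": "217.196.96.101:4132",
}


def hash_bytes(data: bytes) -> dict:
    """Compute the four digests the report lists for a file's contents."""
    return {
        algo: hashlib.new(algo, data).hexdigest()
        for algo in ("md5", "sha1", "sha256", "sha512")
    }


def match_hashes(data: bytes, iocs: dict = REPORT_IOCS) -> dict:
    """Return {algo: True/False} per digest, compared case-insensitively."""
    digests = hash_bytes(data)
    return {algo: digests[algo] == iocs[algo].lower() for algo in digests}


def parse_c2(c2: str) -> tuple:
    """Split 'ip:port' into (str, int), rejecting anything that is not a
    valid IPv4 address and port so a typo cannot become a bad rule."""
    host, sep, port = c2.rpartition(":")
    if not sep:
        raise ValueError(f"no port in C2 string: {c2!r}")
    ip = ipaddress.IPv4Address(host)  # raises ValueError on garbage
    port_num = int(port)
    if not 1 <= port_num <= 65535:
        raise ValueError(f"port out of range: {port_num}")
    return str(ip), port_num


def suricata_rule(c2: str, sid: int) -> str:
    """Build an outbound-connection alert for the C2 socket (SID is constructed)."""
    ip, port = parse_c2(c2)
    return (
        f'alert tcp $HOME_NET any -> {ip} {port} '
        f'(msg:"RedLine Stealer C2 (botnet ditro)"; flow:to_server; '
        f'sid:{sid}; rev:1;)'
    )


# Constructed flow-log lines in a simple "src:sport -> dst:dport" shape;
# not output from the sandbox or from any real sensor.
SAMPLE_FLOWS = [
    "10.0.0.5:49211 -> 93.184.216.34:443",
    "10.0.0.5:49212 -> 217.196.96.101:4132",
    "10.0.0.7:50001 -> 217.196.96.101:80",
    "10.0.0.5:49213 -> 217.196.96.101:4132",
]

_FLOW_RE = re.compile(r"^(\S+):(\d+) -> (\S+):(\d+)$")


def find_c2_flows(lines: list, c2: str = REPORT_IOCS["c2"]) -> list:
    """Return the lines whose destination socket equals the extracted C2.
    The port must match too: the same host on another port is not this beacon."""
    ip, port = parse_c2(c2)
    hits = []
    for line in lines:
        m = _FLOW_RE.match(line.strip())
        if m and m.group(3) == ip and int(m.group(4)) == port:
            hits.append(line)
    return hits


if __name__ == "__main__":
    print(match_hashes(b"not the sample"))
    print(suricata_rule(REPORT_IOCS["c2"], sid=1000001))
    for hit in find_c2_flows(SAMPLE_FLOWS):
        print("C2 hit:", hit)
```

A SHA256 match alone is enough to confirm the file is this sample; the other digests are kept only because reports and threat feeds exchange them. Matching on ip:port rather than the bare address avoids alerting on unrelated traffic to a host that may be shared infrastructure.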

Targets

    • Target

      3481ffb7a478ee0108aa887764f7684a0203a03712b92c77ba385ea73f8e5f26

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application
