General

  • Target: file.exe
  • Size: 2.3MB
  • Sample: 221027-tlsqjscgfr
  • MD5: 79cf8b836dad7e0025e9ff2c5ed8787a
  • SHA1: 895b65ee58e05a727179c587e34a99515521c8c0
  • SHA256: e06350ca8bc607363fdbe88455138486915f61a3a6f06a04031ac970b63d8b7d
  • SHA512: b96f1924eab2a8d857233e3f6247319a4c9e2827805492fdd62ff1f24a8c38effb63286a364ae7bd56395316d3c8f2674a412c42055a81dfc836c75d8cdb9a4e
  • SSDEEP: 49152:eKikSEdDk9dC/CCTPQmA1PnHvr0cYNu4hGV0EvnISxtYG:eKPSEdDkjCKEcQc8u/nZYG

Malware Config

Extracted

  • Family: redline
  • Botnet: 1310
  • C2: 79.137.192.57:48771
  • Attributes
      • auth_value: feb5f5c29913f32658637e553762a40e

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Uses the VBS compiler for execution

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks