General

  • Target

    66721704fcb230df0479066c961b704d.exe

  • Size

    1.3MB

  • Sample

    221029-3lj8vacebn

  • MD5

    66721704fcb230df0479066c961b704d

  • SHA1

    06846af0ac608f14177c26cb3c15bf2a028a736e

  • SHA256

    d3eadb0bfec97357ff2aab4b1a0cf0e241de29eef7c67c9def68b40142fe1f31

  • SHA512

    9b05d40c8f11dc360473cf072bd9d79642cd27cf9d37b43a878c7228093c4a7fc92da1633492e5495be88c29cb0c2051f93ddf4633478db04570400cd853e4ff

  • SSDEEP

    24576:mpRkyTKA1eBSjvjmviCWYoa19btJGnjPGcoielIYACCSFAsnCE:BU5ex6zxa19btJGnrguYAERC

Malware Config

Extracted

Family

redline

Botnet

@EBANIYNOYNAME

C2

82.115.223.162:26393

Attributes

  • auth_value

    3517499b9df589c8c64f775931cb7b6d

Targets

    • Target

      66721704fcb230df0479066c961b704d.exe

    • Size

      1.3MB

    • MD5

      66721704fcb230df0479066c961b704d

    • SHA1

      06846af0ac608f14177c26cb3c15bf2a028a736e

    • SHA256

      d3eadb0bfec97357ff2aab4b1a0cf0e241de29eef7c67c9def68b40142fe1f31

    • SHA512

      9b05d40c8f11dc360473cf072bd9d79642cd27cf9d37b43a878c7228093c4a7fc92da1633492e5495be88c29cb0c2051f93ddf4633478db04570400cd853e4ff

    • SSDEEP

      24576:mpRkyTKA1eBSjvjmviCWYoa19btJGnjPGcoielIYACCSFAsnCE:BU5ex6zxa19btJGnrguYAERC

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks