Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    file.exe

  • Size

    713KB

  • Sample

    221127-qlm9aaag55

  • MD5

    218bfce507db9c76efc9dd6eaddf0bcc

  • SHA1

    09c9950fdc86ba54a3ca490ac64156bc18584e13

  • SHA256

    4585d6740fbbe09a00a94762ea7d682e51cd58edf64770b96a62bfdef55fc774

  • SHA512

    add729ce2d0e251be3d2b20b4c0629728bf0bf8e1ddf571bf4aa68fc4a79d7fe8c488418f562bf4521809c195492edef9857407173f95dce2433e10cd36c975d

  • SSDEEP

    6144:iVsSb8zPezouceyIhWRDuD2A4YZGcDXW8jOD/gSDgag6/lkw3RRxxNjfOBzxIL:YsQz1ZyFRi2AzW77gSD1WwN

Malware Config

Extracted

Family

redline

Botnet

LogsCloud

C2

151.80.89.227:45878

Attributes
  • auth_value

    3122c177d4109932092e46f83a2e0f2f

Targets

    • Target

      file.exe

    • Size

      713KB

    • MD5

      218bfce507db9c76efc9dd6eaddf0bcc

    • SHA1

      09c9950fdc86ba54a3ca490ac64156bc18584e13

    • SHA256

      4585d6740fbbe09a00a94762ea7d682e51cd58edf64770b96a62bfdef55fc774

    • SHA512

      add729ce2d0e251be3d2b20b4c0629728bf0bf8e1ddf571bf4aa68fc4a79d7fe8c488418f562bf4521809c195492edef9857407173f95dce2433e10cd36c975d

    • SSDEEP

      6144:iVsSb8zPezouceyIhWRDuD2A4YZGcDXW8jOD/gSDgag6/lkw3RRxxNjfOBzxIL:YsQz1ZyFRi2AzW77gSD1WwN

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Uses the VBS compiler for execution

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks