General

  • Target

    RIOT BRUTE v.0.7.exe

  • Size

    41.4MB

  • Sample

    230415-s5qjvsgb6x

  • MD5

    78dd0c1b766ac88a465b462969e1e7c1

  • SHA1

    5dca6845eabdbd89bb7cfe30dab8e59b909274b1

  • SHA256

    e755ee8301b3bc79e0aef9dad46b17f5ed7aff12a23986702c53dac1592d0669

  • SHA512

    d6e7563c106f1355389b31ac84697c2926fd43f173f027fa30dec5dca4cd4cee9470e559c2ed34dc47f30809c8ce91ec98b40f05724070eab54d8a3f300cd53f

  • SSDEEP

    786432:EHf+YFT57yO5I27EImKCD0S+F22DPToF/e6Gj4XN4Kzgk3WDsFBhnaHABaUI7d48:EHf+YFMO5tnowBDEF/y4NbBhnFBC3ok

Malware Config

Extracted

Family

redline

Botnet

1871187217_99

C2

dragrun.top:28786

Attributes
  • auth_value

    c632c0eb14cc516c3818f68efcd30269
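The extracted configuration gives the two indicators that matter most for hunting this sample: the C2 endpoint (dragrun.top:28786) and the file hashes. The Python below is an added example, not part of the tria.ge report or of any RedLine tooling; it turns those values into a small matcher and runs it over constructed key=value log lines. The log format, the field names (query, host, sni, dst_port, sha256) and the sample lines are assumptions for illustration, not output from any real product or from this analysis.

```python
"""IOC matching for the RedLine sample in the report above (added example).

Indicator values are copied from the report. Log formats and sample lines are
constructed for illustration and do not come from any real product or host.
"""
import hashlib
import re

# Hashes and C2 taken verbatim from the report.
IOC_HASHES = {
    "md5": "78dd0c1b766ac88a465b462969e1e7c1",
    "sha1": "5dca6845eabdbd89bb7cfe30dab8e59b909274b1",
    "sha256": "e755ee8301b3bc79e0aef9dad46b17f5ed7aff12a23986702c53dac1592d0669",
}
C2 = "dragrun.top:28786"

# key=value tokenizer; quoted values may contain spaces (file paths).
_KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_c2(c2: str) -> tuple[str, int]:
    """Split a RedLine-style 'host:port' string and validate the port.

    Splits on the last colon so a bracketed IPv6 literal would also survive;
    the report's value is a plain hostname.
    """
    host, _, port = c2.rpartition(":")
    if not host or not port.isdigit():
        raise ValueError(f"malformed C2 string: {c2!r}")
    port_n = int(port)
    if not 1 <= port_n <= 65535:
        raise ValueError(f"port out of range: {port_n}")
    return host.strip("[]").lower(), port_n


def hash_bytes(data: bytes) -> dict[str, str]:
    """Compute the three hashes the report lists, for a file you hold locally."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def is_reported_sample(data: bytes) -> bool:
    """True only if every listed hash matches; a lone MD5 hit is not enough."""
    return hash_bytes(data) == IOC_HASHES


def parse_kv(line: str) -> dict[str, str]:
    """Turn one key=value log line into a dict, stripping value quotes."""
    return {k: v.strip('"') for k, v in _KV.findall(line)}


def match_line(line: str, c2: str = C2) -> list[str]:
    """Return the indicator names that fire on one log line.

    Fires on: the C2 hostname in a DNS query or proxy/SNI host field (exact or
    as a parent domain), the host+port pair on a connection, and any listed
    hash on an EDR file event. The port alone is deliberately not an indicator.
    """
    host, port = parse_c2(c2)
    f = parse_kv(line)
    hits = []
    seen = (f.get("query") or f.get("host") or f.get("sni") or "").lower().rstrip(".")
    if seen == host or seen.endswith("." + host):
        hits.append("c2_host")
    if seen == host and f.get("dst_port") == str(port):
        hits.append("c2_host_port")
    for alg, digest in IOC_HASHES.items():
        if f.get(alg, "").lower() == digest:
            hits.append(f"{alg}_match")
    return hits


def scan(lines) -> dict[str, list[str]]:
    """Map each matching line to the indicators that fired; clean lines are dropped."""
    return {ln: h for ln in lines if (h := match_line(ln))}


# Constructed sample logs (assumed formats; not from the report or any real host).
SAMPLE_LOGS = [
    'ts=2023-04-15T18:43:01Z src=dns client=10.0.0.5 query=dragrun.top type=A',
    'ts=2023-04-15T18:43:02Z src=proxy client=10.0.0.5 host=dragrun.top dst_port=28786 bytes=1432',
    'ts=2023-04-15T18:43:02Z src=proxy client=10.0.0.7 host=update.example.com dst_port=28786 bytes=900',
    'ts=2023-04-15T18:42:55Z src=edr hostname=ws-05 event=file_create '
    'path="C:\\Users\\u\\Downloads\\RIOT BRUTE v.0.7.exe" '
    'sha256=e755ee8301b3bc79e0aef9dad46b17f5ed7aff12a23986702c53dac1592d0669',
    'ts=2023-04-15T18:44:10Z src=dns client=10.0.0.9 query=cdn.example.net type=A',
]

if __name__ == "__main__":
    for line, hits in scan(SAMPLE_LOGS).items():
        print(hits, line)
```

The design choice worth noting: the hash matches pin down only this exact build, since stealer builds are repacked constantly, so the hostname is the more durable indicator and is matched as a parent domain too. Port 28786 on its own is excluded because an unrelated destination on that port (the third sample line) must not fire. The botnet ID and auth_value from the config are useful for clustering samples across other reports and memory dumps rather than for network log matching, so they are not used here.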

Targets

    • Target

      RIOT BRUTE v.0.7.exe

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution.

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks