General

  • Target

    c399c3d52b5dc4d60230e1da4daf358d.bin

  • Size

    354KB

  • Sample

    230424-cgfrraag81

  • MD5

    c399c3d52b5dc4d60230e1da4daf358d

  • SHA1

    52f59971296960fda1376f7731b797049a7965c3

  • SHA256

    50ab57ec39642fb2d98e3bd5b412eb0b90db8f6c4d8c19993d534186073f1c04

  • SHA512

    dd80306d9c7a6f7a1062b5834fd3ccd9b295ce021fd3ee86e8a3406811fbb6b1a2f8ac4e5a901653ad9490f5a22b01c92f234655fa6008d0aca70f153f952f3c

  • SSDEEP

    6144:eLbeeki6964UMvt1M3U7AOA2Woe+yYzFQ0eh/eUfhMLa5/:AiekcWx7a0yZ0XUfAa5

Malware Config

Extracted

Family

redline

Botnet

pub2

C2

89.22.231.25:45245

Attributes

  • auth_value

    ea9464d486a641bb513057e5f63399e1

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks