General

  • Target

    40001deebcf679f212c0c7b1213c60432ac9f31217888a0791cc476b407d00b3

  • Size

    1.3MB

  • Sample

    230918-1l3dbafa89

  • MD5

    9edc522f25bfe83833ad86194a159f7f

  • SHA1

    e0a58ecbc04824bef6842168ddee3d7312bb9d41

  • SHA256

    40001deebcf679f212c0c7b1213c60432ac9f31217888a0791cc476b407d00b3

  • SHA512

    f61b30021f0e61db9c408522d955d9dd9be5cce1471267c8858c2b84b3d28c92740b3f16e131038a83d32f858b3a3ad586826e235e48d328987c029085e04fa4

  • SSDEEP

    24576:zQWR5eYC8xWOKih0psqSXidHFeTUPyoe426pAt3kHzz8rzJIf9s:r5eYC8xbKlpV2apPa+p03izg36f9s

Malware Config

Extracted

Family

redline

Botnet

vasha

C2

77.91.124.82:19071

Attributes

  • auth_value

    42fc61786274daca54d589b85a2c1954

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
