General

  • Target: 076a9bc34906773ee8b5f6f94c661689c89dab51d9b8a36d326dab9bf14f23f4
  • Size: 1.0MB
  • Sample: 230922-e7874aeh94
  • MD5: 0b61e85d556a316b061e77777a13e5e8
  • SHA1: cc6cf74bf165fcd0658d549c33e5894eee9473b0
  • SHA256: 076a9bc34906773ee8b5f6f94c661689c89dab51d9b8a36d326dab9bf14f23f4
  • SHA512: d4f54a8717cb143e191f8dd7f2fb9e2d18e9aae38b08059d26cc008387efa3cf896b7fccf6e94517776f3f3a4c2b9949b80faa6982990f2325ee297ceb2c0ffd
  • SSDEEP: 24576:ayAPspQvmBtZ+0RxLseV0ehY7b1ZeKYM6Y0j:hxp60MUZtUNZeKDR

Malware Config

Extracted

  • Family: redline
  • Botnet: tuxiu
  • C2: 77.91.124.82:19071
  • Attributes
      • auth_value: 29610cdad07e7187eec70685a04b89fe

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks