General

  • Target

    230e3b79f172036cc9355a1b63795803a601d9f8d70eed31fcece6b2f7cf3c52

  • Size

    928KB

  • Sample

    230923-q49v1afh5x

  • MD5

    fe805e96b91b7a8ce2495aca1be1431e

  • SHA1

    dc795b154e3c184d122c060997d8cb8ce28df821

  • SHA256

    230e3b79f172036cc9355a1b63795803a601d9f8d70eed31fcece6b2f7cf3c52

  • SHA512

    83eb86e1ef2c611e73cb732099465b248090b9ae3d220491a834101bcf04b4103a29e81d79559b67e8b1f6ed27203a911c2bef3c0fb579ade7054d3620bc0f94

  • SSDEEP

    24576:Oyu8U8jCtGrHKV6vfkHR0CxD7u7dPIDp0Y5:dpjCIHKV7HRhxDE9up0

Malware Config

Extracted

Family

redline

Botnet

tuxiu

C2

77.91.124.82:19071

Attributes

  • auth_value

    29610cdad07e7187eec70685a04b89fe

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15