General

  • Target

    6bb6c751a7dc254a2de88a09832fd0f5a0d67c1a237a2d3a549bfcb575100ae7

  • Size

    929KB

  • Sample

    230923-qn96tsff9w

  • MD5

    3755ec6ff61be24c7f3270251e310201

  • SHA1

    bd8602f8f69de61cc6d0402a19941700e9f87ee8

  • SHA256

    6bb6c751a7dc254a2de88a09832fd0f5a0d67c1a237a2d3a549bfcb575100ae7

  • SHA512

    4e948e4af57b3a9ddff258ff6961819bef240a9d8ec1efc032dbab652f71bae9a898071081f02f5301e07284e89b1fbf4011ab8332194da23aeee82de8d13810

  • SSDEEP

    12288:/MrQy900smtl3kLPvEfte09n9TpRaRPRZXr3o9wZ4bLOVlhrVd8IF+86hUBGE6KH:zyu0leWtfXXYC2VVd6/hUBGEJ+p8HJ

Malware Config

Extracted

Family

redline

Botnet

tuxiu

C2

77.91.124.82:19071

Attributes

  • auth_value

    29610cdad07e7187eec70685a04b89fe

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks