General

  • Target

    1634b65f8e3942bbb06b6c0c3685e42d6cb0f8681f9cf1fba21b78277e3b20ba

  • Size

    929KB

  • Sample

    230930-eltwaage9s

  • MD5

    76b3a40fd758959fec86fd5a4c865b50

  • SHA1

    f4f223739a155d32e88b6289a2a6c501e066340a

  • SHA256

    1634b65f8e3942bbb06b6c0c3685e42d6cb0f8681f9cf1fba21b78277e3b20ba

  • SHA512

    3eddf821e0acc072caf7db042db5875081240c2ec3cf520d062ecb2568736d0cbd54c7b93d1cda9f3bba13778e2982f6086e0839a7b3934bc8e8403de85aafcc

  • SSDEEP

    12288:pMrey90iklQJ7PNUZ+wAeUhY2Tsy0VOcxQc41lfeQ83DE1nYeA7s6BrWRYso2VHp:byZkGJG+HluvxQDeQ5us6p5+IE6nEjV

Malware Config

Extracted

Family

redline

Botnet

luska

C2

77.91.124.55:19071

Attributes

  • auth_value

    a6797888f51a88afbfd8854a79ac9357

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks