General

  • Target

    dfe828d6dfab1d5e86b633e4abcda02c6d4e9c87b8cf1ab43c239308a4409198

  • Size

    847KB

  • Sample

    230930-qlebdace9z

  • MD5

    503da9d1629d30c10c5efc25d4328193

  • SHA1

    b94d04f6e6c96d12e7c7695be7ebfb9a1f46f701

  • SHA256

    dfe828d6dfab1d5e86b633e4abcda02c6d4e9c87b8cf1ab43c239308a4409198

  • SHA512

    a28d03ba2911b1b1654b6f06f90b151aa1929286f0c1f6afcfde813b4a178b28be8845080d717870601c85d0730e66adb9b336a12ce67e98e959779489a65b41

  • SSDEEP

    12288:pMr8y90/fEu/uE0IZj5UBup4rHSso2v2R4Dsg0Zra//ZiPWPMi0LsIOIxkYcB8Bf:xyqTuXuRgPwryZ3PTOxkDeQhcP

Malware Config

Extracted

Family

redline

Botnet

luska

C2

77.91.124.55:19071

Attributes

  • auth_value

    a6797888f51a88afbfd8854a79ac9357

Targets

    • Target

      dfe828d6dfab1d5e86b633e4abcda02c6d4e9c87b8cf1ab43c239308a4409198

    • Size

      847KB

    • MD5

      503da9d1629d30c10c5efc25d4328193

    • SHA1

      b94d04f6e6c96d12e7c7695be7ebfb9a1f46f701

    • SHA256

      dfe828d6dfab1d5e86b633e4abcda02c6d4e9c87b8cf1ab43c239308a4409198

    • SHA512

      a28d03ba2911b1b1654b6f06f90b151aa1929286f0c1f6afcfde813b4a178b28be8845080d717870601c85d0730e66adb9b336a12ce67e98e959779489a65b41

    • SSDEEP

      12288:pMr8y90/fEu/uE0IZj5UBup4rHSso2v2R4Dsg0Zra//ZiPWPMi0LsIOIxkYcB8Bf:xyqTuXuRgPwryZ3PTOxkDeQhcP

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks