General

  • Target: Rh0ES6EV.exe
  • Size: 1.1MB
  • Sample: 231004-f192gshc8v
  • MD5: eda41d4aeb1a680f6f1115003347ac6e
  • SHA1: 094f662631a06c3efc7f6407c996a6aac4d3af00
  • SHA256: 855c742abd80826b49dc1e2cc9240fbf5afcf29772ed4a5fae078555dd0f9b64
  • SHA512: 7a92569be4de4ccdc8a60dc6bc62df0b3764ce8a6eba737afa6fc3a381375b03f47dd3387ce06d758fdcfd89f425eef42476688c844ce41025690dba242fbee2
  • SSDEEP: 24576:VyorWqFGyhgEQglGijLKo/IgH51OeNgiKETcnNSJwo20FORLJ9R7:wmWqFGwg6lGijLKo/hH51OYthTWi2

Malware Config

Extracted

  • Family: redline
  • Botnet: gigant
  • C2: 77.91.124.55:19071

Targets

    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
