
General

  • Target: 664d34a421900283c0f9c9a099ce80cd4774df50979888fe711be51b878c84f4
  • Size: 913KB
  • Sample: 231011-y27lvscg74
  • MD5: 3b031be777ad59f4ef2798e5334bf00b
  • SHA1: d7a5673ac36b1cafeada08dd33461ff465ca01fa
  • SHA256: e5d89d247eaf052187a418439a1f1a6b1bc713b5e1937bcd9f730a9b0e7b99e9
  • SHA512: 7d2a0dd7b7e6d014cabd1634d7d5a9479339c5dd91ca7fab11f94e790af9f1db74b30b5c19552e2279c88edd2cd9d880183dea466256fc5838dc6aead8a9db99
  • SSDEEP: 24576:3lyXsnuYgC2mx28xdtdIGvtk/KaFW/OjC95SyN5bcKwiw:wcLVJx5dtdfv6iaIXiMwiw

Malware Config

Extracted

  • Family: redline
  • Botnet: tuxiu
  • C2: 77.91.124.82:19071
  • Attributes
    • auth_value: 29610cdad07e7187eec70685a04b89fe

Targets

    • Target: 664d34a421900283c0f9c9a099ce80cd4774df50979888fe711be51b878c84f4
    • Size: 957KB
    • MD5: da23352a594c97e931832f1ece7e3b1e
    • SHA1: 8eeb6854088d07502578b467ad716c39d985f7b6
    • SHA256: 664d34a421900283c0f9c9a099ce80cd4774df50979888fe711be51b878c84f4
    • SHA512: 77de8c75004aae778baf63f83b6d54ae1772d80139653ae79ed67d828319589c8b73a7ade7e255356635701ffbaaf9f17df4900864df17ac94b945400ac9e901
    • SSDEEP: 24576:ey1Fu2uC2q1c8V5tHIGvLk/y2FI/IjC9RS4lvbG9bi2:t1BfX1v5tHfv462uFqLi

    Signatures

    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • Executes dropped EXE
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks