General

  • Target

    file.exe

  • Size

    506KB

  • Sample

    231012-chgenshf2x

  • MD5

    0f724d78d4a65272ac085236c9caf06b

  • SHA1

    9449892f318709e1abfd33dd059dbdd1de8a0392

  • SHA256

    b7215d29651d883138e7000f2568418b02cb62350924f78ec75b7c7f0d3a9a72

  • SHA512

    6c4e203e8de1c30cb4fc417fb55887adb80682f1c24ff7f2a8786a7ca179369cdbe4c16fbbe0efc154eaac741ff62c3d81132fd2a8f8125613ac1df4ba678ba5

  • SSDEEP

    12288:qMriy90OWwCjyUi0kYkqnDIw4M0/2+Vlnw+Q1:0yywmyUigbDIw7AZQ1

Malware Config

Extracted

Family

redline

Botnet

trush

C2

77.91.124.82:19071

Attributes
  • auth_value

    c13814867cde8193679cd0cad2d774be

Targets

    • Target

      file.exe

    • RedLine

      RedLine Stealer is an information-stealing malware family written in C# (.NET), first seen in early 2020. It harvests browser credentials and cookies, cryptocurrency wallet data and basic host information and reports them to the C2 listed in the extracted config.

    • Executes dropped EXE (runs an executable that the sample itself wrote to disk during the analysis)

    • Loads dropped DLL (loads a library that the sample itself wrote to disk during the analysis)

    • Adds Run key to start application (persistence via a value under a ...\CurrentVersion\Run registry key, so the payload restarts at logon)

    • Suspicious use of SetThreadContext (rewriting the thread context of another process, typically after creating it suspended and overwriting its image; this is the usual final step of process hollowing)
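The behavioural signatures above and the extracted config are what a detection engineer would turn into rules. The following is an added example, not tria.ge's own signature implementation or anything from the RedLine operators: it re-implements three of the signatures (suspended-process hollowing ending in SetThreadContext, Run-key persistence, and a connection to the reported C2 77.91.124.82:19071) as detection logic over a sandbox-style API trace. The trace line format, the PIDs and the paths are constructed for illustration; the C2 socket and the Run-key path come from the report.

```python
"""Added example: re-implement three tria.ge-style behavioural signatures as
detection logic over a constructed sandbox API trace.  The "pid api k=v ..."
line format and every sample event below are invented for this example."""

from dataclasses import dataclass

# Indicators taken from the report's Malware Config section.
REDLINE_C2 = ("77.91.124.82", 19071)
# Lower-cased suffix shared by the HKCU and HKLM Run keys.
RUN_KEY_SUFFIX = r"\software\microsoft\windows\currentversion\run"
# dwCreationFlags bit for CREATE_SUSPENDED (winbase.h).
CREATE_SUSPENDED = 0x00000004
# Stages that must follow a suspended CreateProcess, in order, to count as hollowing.
HOLLOWING_ORDER = ("WriteProcessMemory", "SetThreadContext", "ResumeThread")

# Constructed trace (not a real capture): loader 1234 hollows child 1300,
# which then persists and beacons; 4444 is benign background noise.
TRACE = """\
1234 CreateProcessW image=C:\\Users\\user\\AppData\\Local\\Temp\\x.exe flags=0x4 child_pid=1300
1234 NtUnmapViewOfSection target_pid=1300
1234 WriteProcessMemory target_pid=1300 size=393216
1234 SetThreadContext target_pid=1300
1234 ResumeThread target_pid=1300
1300 RegSetValueExW key=HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run value=file.exe data=C:\\Users\\user\\AppData\\Roaming\\file.exe
1300 connect ip=77.91.124.82 port=19071
4444 CreateProcessW image=C:\\Windows\\System32\\notepad.exe flags=0x0 child_pid=4500
4444 connect ip=93.184.216.34 port=443
"""


@dataclass
class Event:
    pid: int
    api: str
    args: dict


def parse_trace(text: str) -> list:
    """Parse 'pid api key=value ...' lines into Event objects (assumed format)."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        pid, api, *kv = line.split()
        events.append(Event(int(pid), api, dict(p.split("=", 1) for p in kv)))
    return events


def detect_hollowing(events) -> list:
    """Return (parent_pid, child_pid) pairs that completed the hollowing sequence.

    Only a child created with CREATE_SUSPENDED is tracked, and only calls made
    by its creator against that child advance the state machine, so a plain
    SetThreadContext on an unrelated process does not fire."""
    tracked = {}  # child_pid -> [parent_pid, next stage index]
    hits = []
    for ev in events:
        if ev.api == "CreateProcessW":
            if int(ev.args.get("flags", "0"), 16) & CREATE_SUSPENDED:
                tracked[int(ev.args["child_pid"])] = [ev.pid, 0]
            continue
        target = ev.args.get("target_pid")
        if target is None or int(target) not in tracked:
            continue
        parent, idx = tracked[int(target)]
        if ev.pid != parent or idx >= len(HOLLOWING_ORDER):
            continue
        if ev.api == HOLLOWING_ORDER[idx]:
            tracked[int(target)][1] = idx + 1
            if idx + 1 == len(HOLLOWING_ORDER):
                hits.append((parent, int(target)))
    return hits


def detect_run_key(events) -> list:
    """Return (pid, value name, data) for every value written under a Run key."""
    return [
        (ev.pid, ev.args.get("value"), ev.args.get("data"))
        for ev in events
        if ev.api.startswith("RegSetValue")
        and ev.args.get("key", "").lower().endswith(RUN_KEY_SUFFIX)
    ]


def detect_c2(events, c2=REDLINE_C2) -> list:
    """Return PIDs that connected to the reported C2 host:port."""
    return [
        ev.pid
        for ev in events
        if ev.api == "connect"
        and (ev.args.get("ip"), int(ev.args.get("port", "0"))) == c2
    ]


def triage(text: str) -> dict:
    """Run all three detections over a trace and return the findings."""
    events = parse_trace(text)
    return {
        "hollowing": detect_hollowing(events),
        "run_key": detect_run_key(events),
        "c2": detect_c2(events),
    }


if __name__ == "__main__":
    for name, finding in triage(TRACE).items():
        print(f"{name}: {finding}")
```

The hollowing detector deliberately requires the full suspended-create, write, SetThreadContext, ResumeThread chain from the same parent against the same child; alerting on SetThreadContext alone would fire on debuggers and some legitimate runtimes. The C2 match is exact on host and port because that is what the extracted config gives; on a real sensor you would also carry the botnet ID ("trush") as a tag on the alert so analysts can group samples by build.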
