General

  • Target: 6b70ffc25486e3c82f904a6e5793b4e8a25e607e2ac7c85bb63fbdf985121cc1
  • Size: 937KB
  • Sample: 231012-d4tskach2v
  • MD5: ede54b1684018891a17bd10c478eda44
  • SHA1: 4a2b27d8989151400eb02c0199b84b63a12ae9d7
  • SHA256: 6b70ffc25486e3c82f904a6e5793b4e8a25e607e2ac7c85bb63fbdf985121cc1
  • SHA512: 9c2de726fcd9fe8a9af2057cbbb5cc49817e97f9486195654544c327469440c5d3e1b34e9ec5475cdc627dd1df83a9f677c5c63934b459a5d992cdabd7b040d6
  • SSDEEP: 24576:jy4q5mlJWWeuQhH48lPx6ZF+iGsS9dbhD8ri6z7w:24q5ml6hHRx6ZYVbyV

Malware Config

Extracted
  • Family: redline
  • Botnet: tuxiu
  • C2: 77.91.124.82:19071
  • Attributes
      auth_value: 29610cdad07e7187eec70685a04b89fe

Targets

    • Target: 6b70ffc25486e3c82f904a6e5793b4e8a25e607e2ac7c85bb63fbdf985121cc1
    • Size: 937KB (MD5, SHA1, SHA256, SHA512 and SSDEEP are identical to the General section above)

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload
    • Executes dropped EXE
    • Loads dropped DLL
    • Adds Run key to start application (persistence via a registry Run key)
    • Suspicious use of SetThreadContext (an API commonly used for process hollowing and other thread-context injection; the signature flags the call, not a confirmed injection target)
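The behaviours and indicators above can be turned into host-side detection logic. The following is an added example, not tria.ge code and not output of this sandbox run: it reads Sysmon-style events (IDs 1, 3 and 13) and flags the Run-key persistence, dropped-EXE execution and C2 traffic described in the report. The C2 address and SHA256 come from this page; the events, paths and field names are constructed for the example, and the user-writable path heuristic is an assumption about where droppers typically write.

```python
"""Detection logic for the behaviours listed in this report, run over
constructed Sysmon-style events. Added example; not tria.ge's code."""
import re

# Indicators taken from the report's extracted config and hashes.
C2_HOST, C2_PORT = "77.91.124.82", 19071
SAMPLE_SHA256 = "6b70ffc25486e3c82f904a6e5793b4e8a25e607e2ac7c85bb63fbdf985121cc1"

# Run and RunOnce keys under any hive (HKU\<SID>\..., HKLM\...).
RUN_KEY_RE = re.compile(r"\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
# Assumed "dropped" locations: per-user AppData and Temp directories.
USER_WRITABLE_RE = re.compile(
    r"\\Users\\[^\\]+\\AppData\\(Local|Roaming)\\|\\Temp\\", re.IGNORECASE)

# Constructed events modelled on Sysmon IDs 1 (process create),
# 3 (network connect) and 13 (registry value set). Not from the sandbox run.
EVENTS = [
    {"EventID": 1, "Image": r"C:\Users\victim\AppData\Local\Temp\tuxiu.exe",
     "Hashes": f"SHA256={SAMPLE_SHA256}"},
    {"EventID": 13,
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\tuxiu",
     "Details": r"C:\Users\victim\AppData\Local\Temp\tuxiu.exe"},
    {"EventID": 3, "DestinationIp": "77.91.124.82", "DestinationPort": 19071,
     "Image": r"C:\Users\victim\AppData\Local\Temp\tuxiu.exe"},
    # Benign noise: a browser talking to a TEST-NET address on 443.
    {"EventID": 3, "DestinationIp": "203.0.113.5", "DestinationPort": 443,
     "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe"},
    {"EventID": 1, "Image": r"C:\Windows\System32\notepad.exe", "Hashes": "SHA256=abc"},
]


def run_key_persistence(ev):
    """'Adds Run key to start application': registry set on a Run/RunOnce key."""
    return ev.get("EventID") == 13 and bool(RUN_KEY_RE.search(ev.get("TargetObject", "")))


def dropped_exe_execution(ev):
    """'Executes dropped EXE': process start from a user-writable drop location."""
    return ev.get("EventID") == 1 and bool(USER_WRITABLE_RE.search(ev.get("Image", "")))


def c2_connection(ev):
    """Outbound connection to the C2 extracted from the sample's config."""
    return (ev.get("EventID") == 3 and ev.get("DestinationIp") == C2_HOST
            and int(ev.get("DestinationPort", 0)) == C2_PORT)


def known_sample_hash(ev):
    """Process image matches the reported SHA256 (Sysmon 'Hashes' field)."""
    pairs = (p.split("=", 1) for p in ev.get("Hashes", "").split(",") if "=" in p)
    return dict(pairs).get("SHA256", "").lower() == SAMPLE_SHA256


RULES = {
    "Adds Run key to start application": run_key_persistence,
    "Executes dropped EXE": dropped_exe_execution,
    "C2 connection (77.91.124.82:19071)": c2_connection,
    "Known sample hash": known_sample_hash,
}


def scan(events):
    """Return (event index, rule name) for every rule that fires."""
    hits = []
    for i, ev in enumerate(events):
        for name, rule in RULES.items():
            if rule(ev):
                hits.append((i, name))
    return hits


if __name__ == "__main__":
    for idx, name in scan(EVENTS):
        print(f"event {idx}: {name}")
```

The SetThreadContext signature has no direct Sysmon equivalent; Event ID 8 (CreateRemoteThread) or Event ID 10 (ProcessAccess) are only partial proxies for injection, so that behaviour is left to the sandbox here. Exact hash and IP matches are brittle against repacked builds; the Run-key and drop-path rules are the ones that generalise.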

MITRE ATT&CK Enterprise v15

Tasks