General

  • Target

    bce4c2f14de3d573129f4a78c09bb1a6eb060671c15852acd05cafed2f483db4

  • Size

    567KB

  • Sample

    231012-fg2k1aga21

  • MD5

    2cc6cd76d79dcf0755db05f04f40f085

  • SHA1

    a2ff4b22b3da8cd8b2a8c8764f0071a3b7403ad7

  • SHA256

    bce4c2f14de3d573129f4a78c09bb1a6eb060671c15852acd05cafed2f483db4

  • SHA512

    4473555da2d416a288695c311e02f84ef615b2ffd5faf13d3ce3fbf857343bcd4d4053cf36d64dd0095b21e315a63e798f83d14db0ec615d0564b1a065bcf3e2

  • SSDEEP

    12288:RMriy90qbRcrpfFoSiLHw/S71LzUpjlCM9tdTDD:TyN1crni8WzUpZCMZ

Malware Config

Extracted

Family

redline

Botnet

trush

C2

77.91.124.82:19071

Attributes

  • auth_value

    c13814867cde8193679cd0cad2d774be

Targets

    • Target

      bce4c2f14de3d573129f4a78c09bb1a6eb060671c15852acd05cafed2f483db4

    • Size

      567KB

    • MD5

      2cc6cd76d79dcf0755db05f04f40f085

    • SHA1

      a2ff4b22b3da8cd8b2a8c8764f0071a3b7403ad7

    • SHA256

      bce4c2f14de3d573129f4a78c09bb1a6eb060671c15852acd05cafed2f483db4

    • SHA512

      4473555da2d416a288695c311e02f84ef615b2ffd5faf13d3ce3fbf857343bcd4d4053cf36d64dd0095b21e315a63e798f83d14db0ec615d0564b1a065bcf3e2

    • SSDEEP

      12288:RMriy90qbRcrpfFoSiLHw/S71LzUpjlCM9tdTDD:TyN1crni8WzUpZCMZ

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks