General

  • Target

    x0543664.exe

  • Size

    291KB

  • Sample

    231012-fx2kyabd58

  • MD5

    d72e8eb9bc5f8e9b119f39216631733b

  • SHA1

    d8e29c1d02381d7339910f4f0aed1e0fc4e9fea9

  • SHA256

    6508ea148ad32be86b59cadc266e2a72343e0dc3896742fd74bc324cb1a5ef57

  • SHA512

    9b3a3188b794d03302d6657c834fcfa45d008a402e426afa36f17e28b8d20bbfc3d7a597e9d03e633f23db638751b40de90c3914882779d5da7bd0b902c8aa74

  • SSDEEP

    6144:Kry+bnr+jp0yN90QEGAV5HR0zwDm88tH50brv3zFq:dMrjy907cHIbj3g

Malware Config

Extracted

Family

redline

Botnet

tuxiu

C2

77.91.124.82:19071

Attributes

  • auth_value

    29610cdad07e7187eec70685a04b89fe

Targets

    • Target

      x0543664.exe

    • Size

      291KB

    • MD5

      d72e8eb9bc5f8e9b119f39216631733b

    • SHA1

      d8e29c1d02381d7339910f4f0aed1e0fc4e9fea9

    • SHA256

      6508ea148ad32be86b59cadc266e2a72343e0dc3896742fd74bc324cb1a5ef57

    • SHA512

      9b3a3188b794d03302d6657c834fcfa45d008a402e426afa36f17e28b8d20bbfc3d7a597e9d03e633f23db638751b40de90c3914882779d5da7bd0b902c8aa74

    • SSDEEP

      6144:Kry+bnr+jp0yN90QEGAV5HR0zwDm88tH50brv3zFq:dMrjy907cHIbj3g

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks