General

  • Target: 81b0f02e80fad3040b997505f3392e43d51b693bbcdac9d386bf7acd029bfd96
  • Size: 1.0MB
  • Sample: 231012-g33wmaea87
  • MD5: e0a2918fcba6822fb2533a5af0580ccd
  • SHA1: b26f693bb5c86c572b3c436f7be692877842794f
  • SHA256: 81b0f02e80fad3040b997505f3392e43d51b693bbcdac9d386bf7acd029bfd96
  • SHA512: ef568993bcdbca45c8eda3f01489c03630523453dc04a25d266788d6c667a1ac09e66dd948a922809cac3373385bdd92b5e095f43448a0fb5b1b6f3375d3eefe
  • SSDEEP: 12288:fMr/y90AK1aH4oyl7XlKTSyGOyuFR6OK/f+uuYfJw7cXWK4SRhRnX8fazlnQoktC:0ylCv5lpXPOy7fRjS7S5vRrnXb3Fh

Malware Config

Extracted

  • Family: redline
  • Botnet: tuxiu
  • C2: 77.91.124.82:19071
  • Attributes
      • auth_value: 29610cdad07e7187eec70685a04b89fe

Targets

    • Target: 81b0f02e80fad3040b997505f3392e43d51b693bbcdac9d386bf7acd029bfd96
    • Size: 1.0MB
    • Hashes: identical to the General section above (MD5, SHA1, SHA256, SHA512, SSDEEP)

    • RedLine
      RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • Executes dropped EXE
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious use of SetThreadContext
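The extracted config (family, botnet, C2, auth_value) and the file hashes above are the indicators a responder would actually hunt on. The following Python is an added example, not tria.ge code: it parses the key/value block in the layout the report prints, then matches the C2 and the sample hashes against a constructed connection log and a constructed file inventory. The log lines, inventory paths and the non-sample hash are made up for the demonstration; the indicator values themselves are copied from the report.

```python
"""Turn the Triage report fields into checkable indicators.

Added example, not tria.ge code. Config values and hashes are copied from the
report above; log lines and the file inventory are constructed for the demo.
"""
import ipaddress
from dataclasses import dataclass, field

# Extracted-config block in the key-line / value-line layout the report prints.
REPORT_CONFIG = """\
Family
redline
Botnet
tuxiu
C2
77.91.124.82:19071
Attributes
auth_value
29610cdad07e7187eec70685a04b89fe
"""

# File hashes from the report's General section.
SAMPLE_HASHES = {
    "md5": "e0a2918fcba6822fb2533a5af0580ccd",
    "sha1": "b26f693bb5c86c572b3c436f7be692877842794f",
    "sha256": "81b0f02e80fad3040b997505f3392e43d51b693bbcdac9d386bf7acd029bfd96",
}


@dataclass
class RedLineConfig:
    family: str
    botnet: str
    c2_host: str
    c2_port: int
    attributes: dict = field(default_factory=dict)


def parse_config(text: str) -> RedLineConfig:
    """Parse 'key line, value line' pairs; pairs after the 'Attributes'
    marker land in the attributes dict. Raises if the C2 host is not an IP."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    top, attrs, in_attrs = {}, {}, False
    i = 0
    while i < len(lines):
        if lines[i] == "Attributes":
            in_attrs = True
            i += 1
            continue
        key, value = lines[i], lines[i + 1]
        (attrs if in_attrs else top)[key.lower()] = value
        i += 2
    host, port = top["c2"].rsplit(":", 1)
    ipaddress.ip_address(host)  # the report gives an IP literal, not a domain
    return RedLineConfig(top["family"], top["botnet"], host, int(port), attrs)


# Constructed connection log: ts src_ip src_port dst_ip dst_port proto
CONSTRUCTED_CONN_LOG = [
    "2023-10-12T07:20:01Z 10.0.0.15 49211 77.91.124.82 19071 tcp",
    "2023-10-12T07:20:03Z 10.0.0.15 49212 142.250.74.78 443 tcp",
    "2023-10-12T07:21:40Z 10.0.0.22 51004 77.91.124.82 443 tcp",
    "2023-10-12T07:22:09Z 10.0.0.31 50217 77.91.124.82 19071 tcp",
]


def match_c2_connections(conn_lines, cfg: RedLineConfig):
    """Return (line, strict) pairs: strict is True when host and port both
    match the extracted C2, False when only the host matches (the operator
    may rotate ports, so a host-only hit is still worth triage)."""
    hits = []
    for line in conn_lines:
        fields = line.split()
        if len(fields) != 6:
            continue  # malformed line, skip rather than crash the sweep
        dst_ip, dst_port = fields[3], int(fields[4])
        if dst_ip == cfg.c2_host:
            hits.append((line, dst_port == cfg.c2_port))
    return hits


# Constructed endpoint inventory: path -> SHA256 (second hash is made up).
CONSTRUCTED_INVENTORY = {
    r"C:\Users\alice\Downloads\setup.exe":
        "81b0f02e80fad3040b997505f3392e43d51b693bbcdac9d386bf7acd029bfd96",
    r"C:\Windows\System32\notepad.exe":
        "3b0c1f0ab6a5d8e2f1c4a7b9d0e3f6a8c2b5d7e9f1a3c5b7d9e1f3a5c7b9d1e3",
}


def match_hashes(inventory: dict, known: dict):
    """Paths whose hash equals any known hash of the sample (case-insensitive)."""
    known_set = {h.lower() for h in known.values()}
    return [path for path, h in inventory.items() if h.lower() in known_set]


if __name__ == "__main__":
    cfg = parse_config(REPORT_CONFIG)
    print(cfg)
    for line, strict in match_c2_connections(CONSTRUCTED_CONN_LOG, cfg):
        print("C2 hit" if strict else "C2 host only", line)
    print("hash hits:", match_hashes(CONSTRUCTED_INVENTORY, SAMPLE_HASHES))
```

The host-only match is deliberate: a RedLine panel on a rented VPS will often answer on more than one port over its lifetime, so keying detection to 77.91.124.82:19071 alone misses traffic that the IP match still catches.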

MITRE ATT&CK Enterprise v15

Tasks