Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    4894998a92beaa8ca1a10cac3d3b41a4188056bfff1a5d0f8e431fbdd0bd9e4d

  • Size

    1.0MB

  • Sample

    231012-hlctjsce6w

  • MD5

    55ef1e5fe8a3967f3e63185b55755b6d

  • SHA1

    1371600fa4621f25003d0b4bc57519849d6dea2f

  • SHA256

    4894998a92beaa8ca1a10cac3d3b41a4188056bfff1a5d0f8e431fbdd0bd9e4d

  • SHA512

    fb34a2f44332d6cac21e6c905bb13e6372fcced8f382f0ddd52cf89a720b837a630e9190bb1df0b35b2a64f28ef805acd125ad1e369f69f378df22796a13350f

  • SSDEEP

    24576:yyv3i+VoE7b6Zo61kUvOu6U2SzX7BzKBtntR6ms4u:Z/Db6v2u6UDzX7BzKBd6mv

Malware Config

Extracted

Family

redline

Botnet

tuxiu

C2

77.91.124.82:19071

Attributes
  • auth_value

    29610cdad07e7187eec70685a04b89fe

Targets

    • Target

      4894998a92beaa8ca1a10cac3d3b41a4188056bfff1a5d0f8e431fbdd0bd9e4d

    • Size

      1.0MB

    • MD5

      55ef1e5fe8a3967f3e63185b55755b6d

    • SHA1

      1371600fa4621f25003d0b4bc57519849d6dea2f

    • SHA256

      4894998a92beaa8ca1a10cac3d3b41a4188056bfff1a5d0f8e431fbdd0bd9e4d

    • SHA512

      fb34a2f44332d6cac21e6c905bb13e6372fcced8f382f0ddd52cf89a720b837a630e9190bb1df0b35b2a64f28ef805acd125ad1e369f69f378df22796a13350f

    • SSDEEP

      24576:yyv3i+VoE7b6Zo61kUvOu6U2SzX7BzKBtntR6ms4u:Z/Db6v2u6UDzX7BzKBd6mv

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks