General

  • Target: 7412518f71f76e1e4a0217a127a2c391c4c81657c2923113a5f4a4b60bf25b97
  • Size: 1.5MB
  • Sample: 231013-xecmjafc75
  • MD5: f858b3501c6547c212e8f70433524df8
  • SHA1: db313230299980434cd0d0532b939622c8bd55b5
  • SHA256: 7412518f71f76e1e4a0217a127a2c391c4c81657c2923113a5f4a4b60bf25b97
  • SHA512: 60138f00574a79fabb39e7f0ca3d82a17278655e8d16ab009ed820abbd845db97d755d6932901ffc59a70b5e2089ce9794b606509613f72d227303824b9e7147
  • SSDEEP: 24576:HyEF3/B/YomB05zMbv1Ut1A4Snsx4ROwTSyn82zmOy+wnbnoVbN6qhoLRU:SEFK9wz61UOsGROwWe82CO4oVJ6q+1

Malware Config

Extracted

  • Family: redline
  • Botnet: kukish
  • C2: 77.91.124.55:19071

Targets

    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • Executes dropped EXE
    • Adds Run key to start application
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15