General

  • Target: 5d656fc9c4854b4b62f1ccbba625650a80a5487632522e1d8868afaeac4df05a
  • Size: 1.1MB
  • Sample: 231016-jxan1aeg54
  • MD5: e7607d4fa7ba9243de7bebf6e31ff5e3
  • SHA1: 5e374f01dbc9c4c2eda1d46442d0078433f51c68
  • SHA256: 5d656fc9c4854b4b62f1ccbba625650a80a5487632522e1d8868afaeac4df05a
  • SHA512: 5b5040d7ba536db055783ecb62dec79d207b063705d6fbf50af55889c7146ada4a9cd30021c30a2f624f5a536ae06dd058f8fd734df6639d14d03d4e58952dd3
  • SSDEEP: 24576:oyvrM8Qir/BiwbX+lUbnfXm5TnDwplIwMDZwgXC/uvx5oW+lay:vDt3r5i6XOUbfXm5Tn6ywMDehy4la

Malware Config

Extracted

  • Family: redline
  • Botnet: kukish
  • C2: 77.91.124.55:19071

Targets

    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
