Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    387a7bd58f0df89c24c21713dbb945008952358cfba55c836cf286a2eb88b1f0

  • Size

    1.1MB

  • Sample

    231016-kdzdpaeh68

  • MD5

    220960c7f2a7288cce00be71725d3f2f

  • SHA1

    567ad208da352e57803d74fb0bf3fe581d7f76b1

  • SHA256

    387a7bd58f0df89c24c21713dbb945008952358cfba55c836cf286a2eb88b1f0

  • SHA512

    7961e7c4a02caa089276a22e6a7b75d01595e42cba34e83fe7ff9b98aa7763b3047396f384cb6621b364985856739196c695e8e101ad1b4328a871538f553dba

  • SSDEEP

    24576:GyOzb5t1tsnVYv42xfY2cqbJ9sD3EmuV2wDPNu:VOzb5SnVZ2xYy0omuV2wJ

Malware Config

Extracted

Family

redline

Botnet

kukish

C2

77.91.124.55:19071

Targets

    • Target

      387a7bd58f0df89c24c21713dbb945008952358cfba55c836cf286a2eb88b1f0

    • Size

      1.1MB

    • MD5

      220960c7f2a7288cce00be71725d3f2f

    • SHA1

      567ad208da352e57803d74fb0bf3fe581d7f76b1

    • SHA256

      387a7bd58f0df89c24c21713dbb945008952358cfba55c836cf286a2eb88b1f0

    • SHA512

      7961e7c4a02caa089276a22e6a7b75d01595e42cba34e83fe7ff9b98aa7763b3047396f384cb6621b364985856739196c695e8e101ad1b4328a871538f553dba

    • SSDEEP

      24576:GyOzb5t1tsnVYv42xfY2cqbJ9sD3EmuV2wDPNu:VOzb5SnVZ2xYy0omuV2wJ

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks