General

  • Target: 1b3965a832f82cd3387c49ff87394ce8bceb3ac922ecbbb20155cac9aae014b4
  • Size: 1.1MB
  • Sample: 231022-17xd7ada2v
  • MD5: 726211d761490028db412b94f41560cd
  • SHA1: 35e2eaa4aef889f7ed15ba77c7a06790e983a507
  • SHA256: 1b3965a832f82cd3387c49ff87394ce8bceb3ac922ecbbb20155cac9aae014b4
  • SHA512: 290d47a1f42171474266fb2626ee9b0b02a81d337ccdbfd74355fe86c089fe4d8b63f7b804fe16ed0fed5ac27dcec2460ca13e91b252a399509d04bdd5da8abc
  • SSDEEP: 24576:ey95/7BePPX9rVOgu6sz8O2K8UZhPfZnrwdidLlhl+2fYe:t9VEP1xOLP6SPWEHlTf

Malware Config

Extracted

  • Family: redline
  • Botnet: kukish
  • C2: 77.91.124.55:19071

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
