General

  • Target: 1de12a587c6d4f57d5364f17691d31c3830e8a875db9a2d53dccaa45a4406336
  • Size: 1.5MB
  • Sample: 231022-ssyppsab8t
  • MD5: 4054fba7471c2b12bdc7734496b35b8c
  • SHA1: a892583c5167284284decc47a18f0d978be1d2e7
  • SHA256: 1de12a587c6d4f57d5364f17691d31c3830e8a875db9a2d53dccaa45a4406336
  • SHA512: 953ed9161c16bfe1f59e03f0f5e474aaf33f4985b35e0af1017dad8688f5b0c884de58beb08515bcf6ed1f7727d46876c1e8825daa9ac3e6f90a36a43ba5dbaa
  • SSDEEP: 24576:OyITqiftF4wBvuikVcdwo/nEvFerlRLaG5sofeNMjoCLDNG9I5Z+jQgpO45SF9Y/:dITqiff4wBvFkz7QrfaG5sRNMNpmH84z

Malware Config

Extracted

  • Family: redline
  • Botnet: kinder
  • C2: 109.107.182.133:19084

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks