General

  • Target

    3210ceac280157198acb7c5ccc7c662dc10bdcd03ad5e236a3cb478742d62ee6

  • Size

    1.5MB

  • Sample

    231023-bzm34sfd94

  • MD5

    1a06a2142f4f3f33290bf18e16530dd8

  • SHA1

    031ab05e5cf071bb72e8bf99362b878af632dfc8

  • SHA256

    3210ceac280157198acb7c5ccc7c662dc10bdcd03ad5e236a3cb478742d62ee6

  • SHA512

    f6f2ba1fda04ef11ffadc46f6c0a927e6538cafa1c8cab65825cd86eff98d0d1ad244d613c131f809402d39c6437be1229a31fafd43cb755dea894064242922b

  • SSDEEP

    24576:8y2kyDFIjMAaKNf9L5olCdfc1W9plr9jntnWyHg6O:rEF0zbClCtZrBtrHg

Malware Config

Extracted

  • Family

    redline

  • Botnet

    kinder

  • C2

    109.107.182.133:19084

Targets

    • Target

      3210ceac280157198acb7c5ccc7c662dc10bdcd03ad5e236a3cb478742d62ee6

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

      The sample contains a RedLine Stealer payload.

    • Executes dropped EXE

      The sample writes an executable to disk and then runs it.

    • Adds Run key to start application

      A value is written under a CurrentVersion\Run registry key so the application is launched at logon (persistence).

    • Suspicious use of SetThreadContext

      The SetThreadContext API, commonly used to redirect a thread into injected code (process hollowing), was called.
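The report above gives one C2 endpoint and three behavioural signatures. The Python below is an added example, not tria.ge code and not part of this report: it sweeps a constructed batch of Sysmon-style events for the extracted indicators (sample SHA256, C2 host:port) and for the "Executes dropped EXE" and "Adds Run key" behaviours. Field names follow Sysmon's schema; the Run-key hive, the drop directory and every event in `EVENTS` are assumptions made for illustration, since the report does not state them. SetThreadContext has no Sysmon event and is deliberately not covered.

```python
"""Behavioural and IOC sweep over Sysmon-style events for the RedLine sample.

Added example, not part of the tria.ge report or of any tria.ge tooling.
Event dicts are constructed for illustration and use Sysmon field names
(EventID 1 = process create, 3 = network connect, 11 = file create,
13 = registry value set).
"""
import re

# Indicators copied from the report above.
C2_HOST, C2_PORT = "109.107.182.133", 19084
SAMPLE_SHA256 = "3210ceac280157198acb7c5ccc7c662dc10bdcd03ad5e236a3cb478742d62ee6"

# Assumptions of this example, not stated on the page: the report only says a
# Run key is added, so HKLM, HKCU and per-SID HKU hives (and RunOnce) are all
# matched; the drop directory is unknown, so common user-writable paths are a
# fallback when the file-create event for the dropped EXE was not captured.
RUN_KEY_RE = re.compile(
    r"^HK(LM|CU|U\\[^\\]+)\\Software\\(Wow6432Node\\)?Microsoft\\Windows"
    r"\\CurrentVersion\\Run(Once)?\\",
    re.IGNORECASE,
)
USER_WRITABLE_RE = re.compile(
    r"^C:\\(Users\\[^\\]+\\AppData\\|Users\\Public\\|ProgramData\\|Windows\\Temp\\)",
    re.IGNORECASE,
)


def detect(events):
    """Return a list of (rule_name, event) pairs, in event order.

    Rules mirror the report's signatures: execution of an EXE the trace saw
    being written ("Executes dropped EXE"), a Run-key value set ("Adds Run key
    to start application"), and a connection to the extracted C2.  The sample
    SHA256 from the report is matched on the process-create Hashes field.
    """
    dropped = set()  # lower-cased paths written earlier in the trace (EID 11)
    hits = []
    for ev in events:
        eid = ev.get("EventID")
        if eid == 11:
            dropped.add(ev["TargetFilename"].lower())
        elif eid == 1:
            image = ev["Image"]
            if "SHA256=" + SAMPLE_SHA256.upper() in ev.get("Hashes", "").upper():
                hits.append(("known_sample_hash", ev))
            if image.lower() in dropped or USER_WRITABLE_RE.search(image):
                hits.append(("dropped_exe_executed", ev))
        elif eid == 13 and RUN_KEY_RE.search(ev["TargetObject"]):
            hits.append(("run_key_persistence", ev))
        elif (eid == 3 and ev["DestinationIp"] == C2_HOST
              and int(ev["DestinationPort"]) == C2_PORT):
            hits.append(("redline_c2_connection", ev))
    return hits


# Constructed trace (hypothetical paths and SID); only the hash and C2 are real.
EVENTS = [
    {"EventID": 1, "Image": r"C:\Users\user\Desktop\sample.exe",
     "Hashes": "SHA256=" + SAMPLE_SHA256},
    {"EventID": 11, "Image": r"C:\Users\user\Desktop\sample.exe",
     "TargetFilename": r"C:\Users\user\AppData\Local\Temp\svc.exe"},
    {"EventID": 1, "Image": r"C:\Users\user\AppData\Local\Temp\svc.exe",
     "ParentImage": r"C:\Users\user\Desktop\sample.exe",
     "Hashes": "MD5=00000000000000000000000000000000"},
    {"EventID": 13, "Image": r"C:\Users\user\AppData\Local\Temp\svc.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft"
                     r"\Windows\CurrentVersion\Run\svc",
     "Details": r"C:\Users\user\AppData\Local\Temp\svc.exe"},
    {"EventID": 3, "Image": r"C:\Users\user\AppData\Local\Temp\svc.exe",
     "DestinationIp": "109.107.182.133", "DestinationPort": 19084},
    {"EventID": 3, "Image": r"C:\Windows\System32\svchost.exe",  # benign noise
     "DestinationIp": "23.0.0.1", "DestinationPort": 443},
]

if __name__ == "__main__":
    for rule, ev in detect(EVENTS):
        print(f"{rule:24s} EID {ev['EventID']:>2}  {ev.get('Image')}")
```

Run against a real trace, feed `detect()` the parsed Sysmon events in time order: the dropped-EXE rule depends on seeing the EID 11 write before the EID 1 launch, which is why `dropped` accumulates across the loop rather than being checked per event in isolation.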
