General

  • Target

    cef2505e5c844d4bad39d894e5b4e1d5ea54f31bb1425f522eb4b67889005490

  • Size

    1.7MB

  • Sample

    231024-cdhryabf69

  • MD5

    c1a168e8d7773da790a4f6551a4fb7d0

  • SHA1

    95bdfece92beab46e20d4e12141f02589708f264

  • SHA256

    cef2505e5c844d4bad39d894e5b4e1d5ea54f31bb1425f522eb4b67889005490

  • SHA512

    b787e861dbcf196dd19512cdded0eaf1058f9856ff4b17c997ab9ccb7c997bae4680aebbca86978119cd144d1d8cde1274859122f56ce351e5bf312c0a83eb2c

  • SSDEEP

    49152:WQm3hsddHp8GXfQr5EgG2VUN4EfNrjCMJs:tm3he8GXfU5EgGzDVjCOs

Malware Config

Extracted

Family

redline

Botnet (build / campaign ID carried in the config)

kinza

C2 (IP:port the stealer reports to)

77.91.124.86:19084

Targets

    • RedLine

      RedLine Stealer is an information-stealing malware family written in C#, first seen in early 2020. It harvests browser credentials, cookies and autofill data, cryptocurrency wallets and credentials from installed clients, and ships them to the configured C2.

    • RedLine payload (config extracted from the sample; see Malware Config above)

    • Executes dropped EXE (the sample wrote a second executable to disk and launched it)

    • Adds Run key to start application (persistence via HKCU/HKLM ...\Software\Microsoft\Windows\CurrentVersion\Run, ATT&CK T1547.001)

    • Suspicious use of SetThreadContext (redirecting a thread's entry point is the usual final step of process hollowing / injection, ATT&CK T1055)
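The extracted config (C2 IP:port, file hashes) and the behaviour signatures above map directly onto detection logic. The block below is an added example, not code from tria.ge or from any RedLine analysis: it copies the report's IOCs into constants and runs a constructed log through four rules, one per signature plus the C2 connection. The events use a simplified `Field=value|Field=value` layout modelled loosely on Sysmon event IDs (1 process create, 3 network connect, 10 process access, 11 file create, 13 registry set), not real Sysmon XML; the file paths, the registry value name and the process targeted for injection in the sample events are made up, since the report does not state them.

```python
"""Detection checks derived from the tria.ge report for sample 231024-cdhryabf69.

Added example, not tria.ge code.  The telemetry in SAMPLE_LOG is constructed
for illustration; only the C2 and the hashes are taken from the report.
"""
import hashlib
import ipaddress
import re

# Copied from the report's Malware Config and General sections.
C2 = "77.91.124.86:19084"
REPORT_HASHES = {
    "md5": "c1a168e8d7773da790a4f6551a4fb7d0",
    "sha1": "95bdfece92beab46e20d4e12141f02589708f264",
    "sha256": "cef2505e5c844d4bad39d894e5b4e1d5ea54f31bb1425f522eb4b67889005490",
    "sha512": "b787e861dbcf196dd19512cdded0eaf1058f9856ff4b17c997ab9ccb7c997bae"
              "4680aebbca86978119cd144d1d8cde1274859122f56ce351e5bf312c0a83eb2c",
}

# Autostart location behind the "Adds Run key" signature (standard Windows path).
RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
# SetThreadContext itself is a thread-handle call that Sysmon does not log, but
# the injector must first write the payload into the target, which needs these
# process rights: PROCESS_VM_OPERATION (0x8) | PROCESS_VM_WRITE (0x20).
VM_WRITE_MASK = 0x0008 | 0x0020


def parse_c2(c2: str) -> tuple[str, int]:
    """Split 'ip:port' from the config; reject anything that is not a literal IP."""
    host, _, port = c2.rpartition(":")
    ipaddress.ip_address(host)  # raises ValueError on hostnames or garbage
    return host, int(port)


def matching_report_hashes(data: bytes) -> list[str]:
    """Names of the report digests that `data` reproduces (all four for the real sample)."""
    return [algo for algo, digest in REPORT_HASHES.items()
            if hashlib.new(algo, data).hexdigest() == digest]


def parse_event(line: str) -> dict[str, str]:
    """Constructed 'Key=value|Key=value' layout, not real Sysmon XML."""
    return dict(field.split("=", 1) for field in line.rstrip("\n").split("|"))


def detect(lines: list[str]) -> list[tuple[str, str]]:
    """Return (rule, image) hits in log order.  The dropped-EXE rule is stateful:
    a process start only fires if an earlier EventID 11 created that same path."""
    c2_host, c2_port = parse_c2(C2)
    dropped: set[str] = set()
    hits: list[tuple[str, str]] = []
    for ev in map(parse_event, lines):
        eid, image = ev.get("EventID"), ev.get("Image", "")
        if eid == "11":
            dropped.add(ev.get("TargetFilename", "").lower())
        elif eid == "1" and image.lower() in dropped:
            hits.append(("executes_dropped_exe", image))
        elif (eid == "3" and ev.get("DestinationIp") == c2_host
              and ev.get("DestinationPort") == str(c2_port)):
            hits.append(("redline_c2_connect", image))
        elif eid == "13" and RUN_KEY_RE.search(ev.get("TargetObject", "")):
            hits.append(("run_key_persistence", image))
        elif (eid == "10"
              and int(ev.get("GrantedAccess", "0"), 16) & VM_WRITE_MASK == VM_WRITE_MASK
              and ev.get("SourceImage", "").lower() != ev.get("TargetImage", "").lower()):
            hits.append(("remote_memory_write", ev.get("SourceImage", "")))
    return hits


# Constructed telemetry: paths, value name and injection target are hypothetical.
SAMPLE_LOG = [
    "EventID=1|Image=C:\\Users\\victim\\Downloads\\setup.exe|ParentImage=C:\\Windows\\explorer.exe",
    "EventID=11|Image=C:\\Users\\victim\\Downloads\\setup.exe"
    "|TargetFilename=C:\\Users\\victim\\AppData\\Local\\Temp\\stage2.exe",
    "EventID=1|Image=C:\\Users\\victim\\AppData\\Local\\Temp\\stage2.exe"
    "|ParentImage=C:\\Users\\victim\\Downloads\\setup.exe",
    "EventID=13|Image=C:\\Users\\victim\\AppData\\Local\\Temp\\stage2.exe"
    "|TargetObject=HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\stage2"
    "|Details=C:\\Users\\victim\\AppData\\Local\\Temp\\stage2.exe",
    "EventID=10|SourceImage=C:\\Users\\victim\\AppData\\Local\\Temp\\stage2.exe"
    "|TargetImage=C:\\Windows\\System32\\hollowed_host.exe|GrantedAccess=0x1FFFFF",
    "EventID=3|Image=C:\\Windows\\System32\\hollowed_host.exe"
    "|DestinationIp=77.91.124.86|DestinationPort=19084",
    # Same IP, different port: deliberately NOT matched by the exact ip:port rule.
    "EventID=3|Image=C:\\Program Files\\Mozilla Firefox\\firefox.exe"
    "|DestinationIp=77.91.124.86|DestinationPort=443",
]

if __name__ == "__main__":
    for rule, image in detect(SAMPLE_LOG):
        print(f"{rule:24} {image}")
```

The C2 rule matches the exact `ip:port` from the config; whether to widen it to any traffic to 77.91.124.86 is a judgment call (the last constructed line shows what the strict rule ignores). `matching_report_hashes` is for confirming that a file pulled from a host is byte-identical to the analysed sample; SSDEEP is the hash to use when you expect a repacked near-variant rather than an exact match.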
