General

  • Target

    xY1ol9cz.exe

  • Size

    782KB

  • Sample

    231024-gwgd2sba9w

  • MD5

    40b509736f2336f0ae4798e08093be25

  • SHA1

    aef0b5561edf2078238e0550b1468910c0730d2b

  • SHA256

    5570e3901d5acc58fb38547e39a9784bf614606e68618789df0d7e29da683d81

  • SHA512

    1e42ec6f3e618a4259c5c4b809f3109ff8807e5d83b7f37f541b3eba599f3fe153ea43002eabdfcc2bd4e5e21fc3ece00f95f35ae8c9c4cc09a61e0c07dad22d

  • SSDEEP

    12288:/Mray90a9vSkBkezQqbtzOyWHCqr8pJ+FqGQplIkXEFS1+gz4HRLhQWy:JywckLqdpC8efQDtEFS4gEHVy

Malware Config

Extracted

  • Family

    redline

  • Botnet

    kukish

  • C2

    77.91.124.55:19071

Targets

    • Target

      xY1ol9cz.exe

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext