Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    86e702a3bf11baf010d534dcf0b72e7580961f4319c0065638a37016d6f2d200

  • Size

    1.7MB

  • Sample

    231024-j6bbwsdd93

  • MD5

    c4c2833e658da2e7a1fdf8b49900fd83

  • SHA1

    515d96a946a367b0f2c0d9e5ffa135598050b037

  • SHA256

    86e702a3bf11baf010d534dcf0b72e7580961f4319c0065638a37016d6f2d200

  • SHA512

    37ea8078e74c9c9fcfe81eec51f5b4388005e5c87d42286ef74a55620a5c44bb16e994cf6113491ebcbb0778e524c1daea23458dde1258cfac5c0cbdbc731608

  • SSDEEP

    49152:R08tb0VXXFbuYs8W8D2m+ph8P5ypmp6wY:NboXFbtoO2mcioAm

Malware Config

Extracted

Family

redline

Botnet

kinza

C2

77.91.124.86:19084

Targets

    • Target

      86e702a3bf11baf010d534dcf0b72e7580961f4319c0065638a37016d6f2d200

    • Size

      1.7MB

    • MD5

      c4c2833e658da2e7a1fdf8b49900fd83

    • SHA1

      515d96a946a367b0f2c0d9e5ffa135598050b037

    • SHA256

      86e702a3bf11baf010d534dcf0b72e7580961f4319c0065638a37016d6f2d200

    • SHA512

      37ea8078e74c9c9fcfe81eec51f5b4388005e5c87d42286ef74a55620a5c44bb16e994cf6113491ebcbb0778e524c1daea23458dde1258cfac5c0cbdbc731608

    • SSDEEP

      49152:R08tb0VXXFbuYs8W8D2m+ph8P5ypmp6wY:NboXFbtoO2mcioAm

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks