General

  • Target: 566423477686c57b22294736bf72fff582d7b0b96459926f7eca3ec710173319

  • Size: 1.4MB

  • Sample: 231031-1cqcdsea9y

  • MD5: aac12e791432ba8723d7cce41c86f2da

  • SHA1: d011f21587b8953883b7d29ac3875619396aa85c

  • SHA256: abe75a1220aab2d6ccf117f72f21159cc37b36a3112819e026a8193a6cc99a2b

  • SHA512: c51fd1f2bbd5e8fdbaef35a5baeff3bea108471c090b23a12f09f38f9b67565ed2c37011c2b75b8545b597813e5c3a1c092d3d6d18356693d817d458892e439b

  • SSDEEP: 24576:myfL5CDu9FCRvHOaGMG3koaWo7tLpCGXEkLwgqbwTFs3r:1T5UzlHONMPoanVcGX2gqbwW

Malware Config

Extracted

  • Family: redline

  • Botnet: kinza

  • C2: 77.91.124.86:19084

Targets

    • Target: 566423477686c57b22294736bf72fff582d7b0b96459926f7eca3ec710173319

    • Size: 1.5MB

    • MD5: 10f1fd1abdb61d0d9b6c6825a1b0f4f5

    • SHA1: 53bbb16bda921f2136de280de9034ae6e80fab81

    • SHA256: 566423477686c57b22294736bf72fff582d7b0b96459926f7eca3ec710173319

    • SHA512: 033d08d69ce2073c993600b0ab1fbc84ebabf0e7b733e95f1e1ba475ff679c0d768a84c5ef32a763ef360bd71882252bd33a9b5ec633b864fbd3ac2caf759f8f

    • SSDEEP: 24576:1yO8rCrutFCFzjyYMS3ko4WrLa3LB26TP6+LwSq5GTjULga:QtrGfFzjyYMTo4MWbB26ToSq5G

    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks