General

  • Target

    2a2d52a4b2b0e2b45ad671e6ce69ef23f63ebe3e772b50d1e0bca1424a483713

  • Size

    1.5MB

  • Sample

    231103-el4eqabg7w

  • MD5

    6bcbbf831380a47e6d269bb02befe194

  • SHA1

    55a5c0863c3cc9297050bfb0bbe3a01ef90c4791

  • SHA256

    2a2d52a4b2b0e2b45ad671e6ce69ef23f63ebe3e772b50d1e0bca1424a483713

  • SHA512

    9ba12760780a93cddd7eb8de17f2330173b77415bb3c8f48a729ec98ecd7d44ad30c44173b5a4d8eddbae27ffae14f3e93b83fe185ef4ea5516644a46d58e057

  • SSDEEP

    24576:0yP5r8rnF0TvAZ9Em95WAZuP+c7qpeZQJGumxmy6QiraZkfWAwkw1il:DP5rQC4Ymz/Xv9mxG1ra+fZdw

Malware Config

Extracted

  • Family: redline
  • Botnet: kedru
  • C2: 77.91.124.86:19084

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks