General

  • Target

    NEAS.fe6aa6b62ec619150b2b02d0bbf412d0.exe

  • Size

    311KB

  • Sample

    231115-e45eqscb63

  • MD5

    fe6aa6b62ec619150b2b02d0bbf412d0

  • SHA1

    00c9387661e70c14a9864bf924a4a337b8659494

  • SHA256

    e93e1bc916a1c530997476aa46c20e09954403519d49063aecb3bd7cf1b3d015

  • SHA512

    c87a62455255f33711ebfd782da86ebe767569a78e1fc27d26b56561e2a24f50c9a2e4323284603a6446d706f2eecd227503e0ff6d2fce2887a81b348c2ae440

  • SSDEEP

    3072:zjlomiD4ecS37wnKHZtRjHAUUpP+/JNYnr9gg24Fic0STdy9KPr7gkCWaHR+i6Z/:P3AE2wKDWneR2H0STdqIGjbc

Malware Config

Extracted

Family

redline

Botnet

taiga

C2

5.42.92.51:19057

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Suspicious use of SetThreadContext
