General

  • Target: d68e87670b838f0ae40c610144e6247989adf29a6c05b1ac2125776dd0afae86
  • Size: 1.1MB
  • Sample: 231117-b9r5taec3y
  • MD5: f9a25fe8acd5df4f650b4befadf2d7c2
  • SHA1: 064540f50b0224ca47c65fa5758c4299be6a6996
  • SHA256: d68e87670b838f0ae40c610144e6247989adf29a6c05b1ac2125776dd0afae86
  • SHA512: c25349eda0efd65f11695bbabd2c74648af8956e703bdfef7178d598b62233450fb2340933dd59ce47ab8319dc9b503a69bb16d73c5ce522a26f4200e98416a3
  • SSDEEP: 24576:OyLa2DMZKpHUyZfrVdDDgjLqmZkgPKjiHMOBx5:dLPQoUy5DDgLRPPKjiHvBx

Malware Config

Extracted

  • Family: redline
  • Botnet: horda
  • C2: 194.49.94.152:19053

Targets

    • Target: d68e87670b838f0ae40c610144e6247989adf29a6c05b1ac2125776dd0afae86

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
