General

  • Target: 0f4dcff379d19d306dfc50eb6cbf1cb259e73762b1b13d8427874b87efe4807f
  • Size: 267KB
  • Sample: 240509-gjaezagb69
  • MD5: 75784927e58273f6ed2fea6bfb71fbef
  • SHA1: 5f80cf17578456c4845ecb9eea18ef92fd103bc6
  • SHA256: 0f4dcff379d19d306dfc50eb6cbf1cb259e73762b1b13d8427874b87efe4807f
  • SHA512: fb6febfc3bea565662462dc02326c8c9045d7db170edaa5052e67f7a043c7a03c7d8c33f8e43d32fc5c53e54072c00582553d06cfcef72879b87e1e4716389fe
  • SSDEEP: 6144:XdcllhS4qdxjPxUUsnNJHgYussMG9lpC+2mmKU:Na/SNRWHvussMGbOKU

Malware Config

Extracted

  • Family: redline
  • Botnet: 5345987420
  • C2: https://pastebin.com/raw/KE5Mft0T

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks