General

  • Target

    44b4bcebb65ef3058dd0189d67e6ed3cd018d527f7ed9772f7fe58404dd764c8

  • Size

    267KB

  • Sample

    240509-hbe6xsee2z

  • MD5

    5232a0dfae271edf2b92d8fa8ac2d405

  • SHA1

    aa8e640e4ce0e24bbc4db189f1fa4fbdb0260448

  • SHA256

    44b4bcebb65ef3058dd0189d67e6ed3cd018d527f7ed9772f7fe58404dd764c8

  • SHA512

    8b1ddb476db3059ac6ae5f415e7f84545afc405b61fa20a7b10d687078359df9f2e1ae2d18556b8547e87133c0b70aa425afaa3c0ed16238d5dac9c991edf694

  • SSDEEP

    6144:ZYcllhS4qdxjPxUUsN+i6vMlrobXuEbIxmmKU:ya/SNRS6vMWblbIpKU

Malware Config

Extracted

  • Family

    redline

  • Botnet

    7001210066

  • C2

    https://pastebin.com/raw/KE5Mft0T

Targets

    • Target

      44b4bcebb65ef3058dd0189d67e6ed3cd018d527f7ed9772f7fe58404dd764c8

    • Size

      267KB

    • MD5

      5232a0dfae271edf2b92d8fa8ac2d405

    • SHA1

      aa8e640e4ce0e24bbc4db189f1fa4fbdb0260448

    • SHA256

      44b4bcebb65ef3058dd0189d67e6ed3cd018d527f7ed9772f7fe58404dd764c8

    • SHA512

      8b1ddb476db3059ac6ae5f415e7f84545afc405b61fa20a7b10d687078359df9f2e1ae2d18556b8547e87133c0b70aa425afaa3c0ed16238d5dac9c991edf694

    • SSDEEP

      6144:ZYcllhS4qdxjPxUUsN+i6vMlrobXuEbIxmmKU:ya/SNRS6vMWblbIpKU

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks