
General

  • Target

    6741290e801efcde6acb6ff03e3b543463bf7bd399a10f6544af419f932321c6

  • Size

    332KB

  • Sample

    240509-xzwadaae9s

  • MD5

    2785970b40ee59c74ed08a80f670cf59

  • SHA1

    3bd513a047d07542923fdda12233b6bfb0d3d4e9

  • SHA256

    6741290e801efcde6acb6ff03e3b543463bf7bd399a10f6544af419f932321c6

  • SHA512

    1f433a2b25742ef7ae3ec4038d4d42b27b209a33b6feece35f8570925a368b5d5e6edf48d4c100be27c550c5deab479209c33d62f45b07aa4e1e7d1d85033f9c

  • SSDEEP

    6144:T1Bwp/lwz9PI8/T6f5mUz7S3RMyghw1PPmfwjWlltD+0Xp:TPjz9PI8/TzeygSdPIwjWNy0Xp

Malware Config

Extracted

Family

redline

Botnet

7001210066

C2

https://pastebin.com/raw/KE5Mft0T

Targets

    • Target

      6741290e801efcde6acb6ff03e3b543463bf7bd399a10f6544af419f932321c6

    • Size

      332KB

    • MD5

      2785970b40ee59c74ed08a80f670cf59

    • SHA1

      3bd513a047d07542923fdda12233b6bfb0d3d4e9

    • SHA256

      6741290e801efcde6acb6ff03e3b543463bf7bd399a10f6544af419f932321c6

    • SHA512

      1f433a2b25742ef7ae3ec4038d4d42b27b209a33b6feece35f8570925a368b5d5e6edf48d4c100be27c550c5deab479209c33d62f45b07aa4e1e7d1d85033f9c

    • SSDEEP

      6144:T1Bwp/lwz9PI8/T6f5mUz7S3RMyghw1PPmfwjWlltD+0Xp:TPjz9PI8/TzeygSdPIwjWNy0Xp

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext
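The extracted config above lists a pastebin.com raw URL as the C2, and the "Legitimate hosting services abused for malware hosting/C2" signature fires for the same reason: the URL is a dead-drop resolver, a page the stealer fetches to learn its real host:port, rather than the C2 itself. The script below is an added example, not part of the tria.ge report or its tooling. It takes a config dict constructed to mirror the report's Malware Config fields (family, botnet, c2), classifies each C2 entry as a direct host:port, a plain URL, or a dead-drop URL on a known abused service, and splits the result into indicators you can block outright versus URLs that still need to be resolved. The list of abused hosting services is an assumption for illustration.

```python
"""Classify C2 entries from a sandbox-extracted malware config.

Added example, not part of the tria.ge report. EXTRACTED_CONFIG is
constructed to mirror the fields shown in the report's Malware Config
section; DEAD_DROP_HOSTS is an assumed, illustrative list.
"""
import re
from urllib.parse import urlparse

# Constructed to mirror the report's "Malware Config" section.
EXTRACTED_CONFIG = {
    "family": "redline",
    "botnet": "7001210066",
    "c2": ["https://pastebin.com/raw/KE5Mft0T"],
}

# Assumed list of legitimate services commonly abused as dead-drop resolvers.
DEAD_DROP_HOSTS = {
    "pastebin.com", "rentry.co", "telegra.ph", "t.me",
    "discord.com", "cdn.discordapp.com",
    "github.com", "raw.githubusercontent.com",
}

# RedLine's usual direct-C2 form is a bare "host:port" string.
HOST_PORT_RE = re.compile(r"^(?P<host>[A-Za-z0-9.\-]+):(?P<port>\d{1,5})$")


def classify_c2(entry: str) -> dict:
    """Describe one C2 entry.

    kind is one of:
      "host_port" - bare host:port, usable as a network indicator as-is
      "dead_drop" - URL on a legitimate hosting service; the real C2 is
                    whatever that page serves, so the URL alone is not it
      "url"       - any other http(s) URL
      "unknown"   - anything else
    """
    entry = entry.strip()
    m = HOST_PORT_RE.match(entry)
    if m:
        return {"value": entry, "kind": "host_port",
                "host": m["host"].lower(), "port": int(m["port"])}

    parsed = urlparse(entry)
    if parsed.scheme in ("http", "https") and parsed.hostname:
        host = parsed.hostname.lower()
        port = parsed.port or (443 if parsed.scheme == "https" else 80)
        kind = "dead_drop" if host in DEAD_DROP_HOSTS else "url"
        return {"value": entry, "kind": kind, "host": host, "port": port}

    return {"value": entry, "kind": "unknown", "host": None, "port": None}


def iocs_from_config(config: dict) -> dict:
    """Split a config into blockable host:port indicators and dead-drop URLs.

    Dead-drop URLs are reported separately: blocking pastebin.com outright
    is rarely acceptable, and the page must be fetched (in a safe environment)
    to recover the host:port the sample would actually connect to.
    """
    result = {
        "family": config.get("family"),
        "botnet": config.get("botnet"),
        "block": [],      # host:port strings safe to push to a blocklist
        "dead_drop": [],  # URLs to resolve/monitor, not to block blindly
        "unknown": [],
    }
    for entry in config.get("c2", []):
        c = classify_c2(entry)
        if c["kind"] in ("host_port", "url"):
            result["block"].append(f'{c["host"]}:{c["port"]}')
        elif c["kind"] == "dead_drop":
            result["dead_drop"].append(c["value"])
        else:
            result["unknown"].append(c["value"])
    return result


if __name__ == "__main__":
    import json
    print(json.dumps(iocs_from_config(EXTRACTED_CONFIG), indent=2))
```

Run against the constructed config, the pastebin URL lands in dead_drop and block stays empty, which is the correct outcome for this report: the indicator worth alerting on is the resolved host:port, not pastebin.com. The same function handles the host:port form RedLine configs usually carry, so it can be pointed at other extracted configs unchanged.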

MITRE ATT&CK Enterprise v15

Tasks