General

  • Target

    4d3f328da9dc0f53b979075eb9334c42bfe50857fbe7c07fd7721f18ae8136e6

  • Size

    474KB

  • Sample

    240616-zw6ytaxgqh

  • MD5

    ff3dfe957c4a50432a070969c887c74e

  • SHA1

    15d00674419d448b92668439f265f0dbb3acb305

  • SHA256

    4d3f328da9dc0f53b979075eb9334c42bfe50857fbe7c07fd7721f18ae8136e6

  • SHA512

    5842524c90b78e33ed2b59a6ad345f6f8d6671ba15486a9340b103eaad40fc0f4da5ee9c699b1e73db35a8a4936826e1db8e966be73b5c6ba921063a83a1ef82

  • SSDEEP

    12288:Lh1Fk70TnvjcupksZzmlJqEQFLEOrGIvxRjNu9/5Z765bE/M:Rk70Trcp+ml3QeIpRjO5Z724M

Malware Config

Extracted

Family

redline

Botnet

@systemrooted

C2

45.15.156.167:80

Targets

    • Target

      4d3f328da9dc0f53b979075eb9334c42bfe50857fbe7c07fd7721f18ae8136e6

    • Size

      474KB

    • MD5

      ff3dfe957c4a50432a070969c887c74e

    • SHA1

      15d00674419d448b92668439f265f0dbb3acb305

    • SHA256

      4d3f328da9dc0f53b979075eb9334c42bfe50857fbe7c07fd7721f18ae8136e6

    • SHA512

      5842524c90b78e33ed2b59a6ad345f6f8d6671ba15486a9340b103eaad40fc0f4da5ee9c699b1e73db35a8a4936826e1db8e966be73b5c6ba921063a83a1ef82

    • SSDEEP

      12288:Lh1Fk70TnvjcupksZzmlJqEQFLEOrGIvxRjNu9/5Z765bE/M:Rk70Trcp+ml3QeIpRjO5Z724M

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Detects executables packed with an unregistered version of .NET Reactor

    • .NET Reactor protector

      Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks