General

  • Target

    BLTools v2.7.8.exe

  • Size

    6.0MB

  • Sample

    240713-28hsvszhmk

  • MD5

    18e51393ff0524593ae38fd47c9515ca

  • SHA1

    9a5705539d6f310ca79dfd25aa146ec42a3353bc

  • SHA256

    90ec6b9de003940106cfcdc8403d0755c2a0e2e185e26077e9ee2989bb6eb319

  • SHA512

    8475c4a06ac9ae7bad83679f0d7ba1c0c5a367df821dc695a36493df058fff319910c2567993ee02ef85d5f0be847e889e566254b35ba594358b5907cc1eb426

  • SSDEEP

    24576:OUWdPtcKrMDCwSDyFf9/4yH6DPOa0QNOou7Oq:OUWdlcmMDCwXFwyH6DPOaXOou7

Malware Config

Extracted

Family

redline

Botnet

7189937467

C2

https://pastebin.com/raw/KE5Mft0T

Targets

    • Target

      BLTools v2.7.8.exe

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks