General

  • Target

    Software 1.30.1.exe

  • Size

    596KB

  • Sample

    240713-t3mkvs1ale

  • MD5

    5f2f1a442fe547ffaf2d66c598f5375b

  • SHA1

    18b22ec530ef3fbaf17cc7f68570d7040c8cee32

  • SHA256

    eaa963864ffeb7d669b61683fef96465ae3b8830943686e2eae848b028a8d2cb

  • SHA512

    1922d7e6b7405e53edf90d1b9e431531d2b1a5c20b9eb4a025f50eeaf1be42ecaf2a46d03938012c0203eb600960ce06e8d719c8dfc62a61af8f392df5265aa7

  • SSDEEP

    12288:0Nmn79/KrdfJgMJ8GsQmz80v9ZiPqJWLM2LEA6oe6m+mppVOd36U2Dv5sNJL02aJ:Qmn79KjgQcv3l

Malware Config

Extracted

  • Family

    redline

  • Botnet

    @fgkyleoff

  • C2

    85.28.47.132:80

Targets

    • Target

      Software 1.30.1.exe (hashes as listed under General above)

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Loads dropped DLL

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks