General

  • Target: 29244f052351066085789c89168afb6ea928ce20a9d0061694babb6e562dd117.dll
  • Size: 441KB
  • Sample: 240714-kts7lswfjh
  • MD5: d496ebb55135a8f961ed737136d27748
  • SHA1: 7673817b6ab95b8bb11bc1fbad6ad3dc8c93da48
  • SHA256: 29244f052351066085789c89168afb6ea928ce20a9d0061694babb6e562dd117
  • SHA512: 9afc745aeb2bad4960aa267377b71caa6a2636a9eff737904b27e2c9853f7a9de74967fb99e5858cf000821b678d44aa9878801057c1f4377351649c041db869
  • SSDEEP: 6144:AyuJWVtH+pv7DvmbfT101JohJFQE8tILgB1X7h6gWxG:AvJqtWvmbJ0bohJwILgB1X7v

Malware Config

Extracted

  • Family: redline
  • Botnet: 478596
  • C2: 91.92.249.24:4808

Targets

  • Target: 29244f052351066085789c89168afb6ea928ce20a9d0061694babb6e562dd117.dll (441KB; hashes as listed under General)

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

  • RedLine payload
  • Accesses cryptocurrency files/wallets, possible credential harvesting
  • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks