General

  • Target

    29655aaef91cebf364f529a19c1b435834cb0ea08e976b77765d202d5b6d056f.exe

  • Size

    2.9MB

  • Sample

    240714-kvdtbawfle

  • MD5

    42208ec96d3a525eb6c8fb7039dc680a

  • SHA1

    d32a62d8f0f3ae105196b8ce7ca9d4fdf3aaae4e

  • SHA256

    29655aaef91cebf364f529a19c1b435834cb0ea08e976b77765d202d5b6d056f

  • SHA512

    bd97e212e436d491ea6a2fb175ee268d4b7ee927c8817c71a6d5dbc99614e2f17878f35ed0d0aecffc01ec97739efa0d55d036ce0038a1d95965bbc2174abf10

  • SSDEEP

    49152:ivFJ0Ig1/QIWcu54qQ+lZDK5HPo484AdEtZW3TANROzu8fmyc9mqU:E01obt6qQeDgHiXqwIOFfmy+

Malware Config

Extracted

Family

redline

Botnet

TG-Source

C2

amrican-sport-live-stream.cc:4581

Attributes

  • auth_value

    1a3c2a146bad47603eedf589c29c4868

Targets

    • Target

      29655aaef91cebf364f529a19c1b435834cb0ea08e976b77765d202d5b6d056f.exe

    • Size

      2.9MB

    • MD5

      42208ec96d3a525eb6c8fb7039dc680a

    • SHA1

      d32a62d8f0f3ae105196b8ce7ca9d4fdf3aaae4e

    • SHA256

      29655aaef91cebf364f529a19c1b435834cb0ea08e976b77765d202d5b6d056f

    • SHA512

      bd97e212e436d491ea6a2fb175ee268d4b7ee927c8817c71a6d5dbc99614e2f17878f35ed0d0aecffc01ec97739efa0d55d036ce0038a1d95965bbc2174abf10

    • SSDEEP

      49152:ivFJ0Ig1/QIWcu54qQ+lZDK5HPo484AdEtZW3TANROzu8fmyc9mqU:E01obt6qQeDgHiXqwIOFfmy+

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks