General

  • Target

    9cf3a490991a8c8bf088d3e96258c0a0N.exe

  • Size

    968KB

  • Sample

    240820-1qd7aavepb

  • MD5

    9cf3a490991a8c8bf088d3e96258c0a0

  • SHA1

    0579860ae04ccfe20c59f86c99e060c9114179b3

  • SHA256

    b254d9ed08f3a7398fa49ea2b511ba5591c581c6843518048a60569d949dea9c

  • SHA512

    e22e83bab96280aed6b329a4476ed5d24536a1f3eb662583bf32509868bb9523a4309e58a4f73528305285e7d8d1d5a566cd9207b167c1291f4dc3de1a978694

  • SSDEEP

    12288:JXCeCOfdk+VhmheZCVtqO9bES8zOFHKPJi4/ubnYLlJ6Gug2tV3:PCMdk+VhpZCVtqxGKPJ3Lz45J

Malware Config

Extracted

  • Family

    redline

  • Botnet

    5195552529

  • C2

    https://pastebin.com/raw/NgsUAPya

Targets

    • Target

      9cf3a490991a8c8bf088d3e96258c0a0N.exe

    • Size

      968KB

    • MD5

      9cf3a490991a8c8bf088d3e96258c0a0

    • SHA1

      0579860ae04ccfe20c59f86c99e060c9114179b3

    • SHA256

      b254d9ed08f3a7398fa49ea2b511ba5591c581c6843518048a60569d949dea9c

    • SHA512

      e22e83bab96280aed6b329a4476ed5d24536a1f3eb662583bf32509868bb9523a4309e58a4f73528305285e7d8d1d5a566cd9207b167c1291f4dc3de1a978694

    • SSDEEP

      12288:JXCeCOfdk+VhmheZCVtqO9bES8zOFHKPJi4/ubnYLlJ6Gug2tV3:PCMdk+VhpZCVtqxGKPJ3Lz45J

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks