General

  • Target: d6fca3cd57293390ccf9d2bc83662dda.bin
  • Size: 316KB
  • Sample: 240825-cbmm4stcnj
  • MD5: 85ce5e51b82148c4ca84ecd85b64f57b
  • SHA1: 4b9b6d679220923bd33e3178f2452ffdf1026ca0
  • SHA256: 576142e40c7044a58f78ec10c3b9f94bab098de72c7dfffeb2be40e533ae9033
  • SHA512: 8cd6d59ec009a5b462d2c45f0cb1d8ad8031a24817b00ab2c3b0f694ff73b3b6a8051d4720e6c7b7d2ec2f11f8f5b8cc718918357cae6c716982f589bbc1c2fa
  • SSDEEP: 6144:Q33f8URGysF1iNp3hL7G99KbG3ncjyZd21hKWZBxPo3mCLJBzs9fESCar2j2Wv2:i3kUR5c1iNpxL7G9sbG3n5j2TKWiWCLC

Malware Config

Extracted

  • Family: redline
  • Botnet: LiveTraffic
  • C2: 95.179.163.21:29257

Targets

    • Target: 74e0bf30c9107fa716920c878521037db3ca4eeda5c14d745a2459eb14d1190e.exe
    • Size: 323KB
    • MD5: d6fca3cd57293390ccf9d2bc83662dda
    • SHA1: 94496d01aa91e981846299eeac5631ab8b8c4a93
    • SHA256: 74e0bf30c9107fa716920c878521037db3ca4eeda5c14d745a2459eb14d1190e
    • SHA512: 3990a61000c7dad33e75ce1ca670f5a7b66c0ce1215997dccfca5d4163fedfc7b736bca01c2f1064b0c780eccb039dd0de6be001c87399c1d69da0f456db2a8e
    • SSDEEP: 6144:kImw3mswWc3KcEUffTOR/PmB7ZegrbgykDDCT2qDx0j6ibCMvUkBEO:k+wWcXbwmfXK62qSjPbkkBEO

    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks