General

  • Target

    4dafa29fd9714eab2dc6c2e879fa065bf8b7b6c44d28fd8e0b730e20ec591f09

  • Size

    826KB

  • Sample

    241111-b455gszerh

  • MD5

    613a0dd4438ac1a30f6d9850d4d27833

  • SHA1

    b4b56c8411c8c14134bc2acecd8f27d7e32bf206

  • SHA256

    4dafa29fd9714eab2dc6c2e879fa065bf8b7b6c44d28fd8e0b730e20ec591f09

  • SHA512

    1ac3dd0a3845cf97b05d859e19f90aceff24e8b0dec29d005a72c08a0fe7a2daac641d91258de061fc6a572389cf9c0727695840ef890a7e14adad65ce911fcd

  • SSDEEP

    24576:FyYV5IRu+Bh9jO/V49OYoZ2V71sEYwq0KCB65FeZ:gYrIRlJke9FbsETqwAX

Malware Config

Extracted

Family

redline

Botnet

crypt1

C2

176.113.115.17:4132

Attributes

  • auth_value

    2e2ca7bbceaa9f98252a6f9fc0e6fa86

Extracted

Family

redline

Botnet

romka

C2

193.233.20.11:4131

Attributes

  • auth_value

    fcbb3247051f5290e8ac5b1a841af67b

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks