General

  • Target

    5257844de1ca4bdb3974a856842bdfd215402589fa9c42f39bbc402328d158e5.exe

  • Size

    586KB

  • Sample

    241111-chewvazemk

  • MD5

    96345dc7842307368fd315162ae51873

  • SHA1

    b84e076b1492c48a21e3ebf98d7fac8fb1a258d6

  • SHA256

    5257844de1ca4bdb3974a856842bdfd215402589fa9c42f39bbc402328d158e5

  • SHA512

    07eecf80c62e78cb9abf2693252d61c2a43f607a8602f4db7a37ed8a04c5443b5a68cadeb44f3beb08651f61aa4016baa1f11e81890958ffe86a852212c4687f

  • SSDEEP

    12288:WMV1C968rngo5WRem+A47x9IyZEZxOrOlW4y34:Wg1iag97x9BZEZQilW49

Malware Config

Extracted

  • Family

    redline

  • Botnet

    lada

  • C2

    185.161.248.90:4125

  • Attributes

    auth_value: 0b3678897547fedafe314eda5a2015ba

Targets

    • Target

      5257844de1ca4bdb3974a856842bdfd215402589fa9c42f39bbc402328d158e5.exe

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks