General

  • Target

    Download-RedLine-Stealer-Latest-Cleaned-main.zip

  • Size

    17.2MB

  • Sample

    241204-yacx6ssrgq

  • MD5

    7c82717c901169c4cd7158e19f49399f

  • SHA1

    dc544707688123761b6864ac79f90ecd70185621

  • SHA256

    ef6d5d1d711ac0d8ca385cb4810e11ed343656ef06f9c36d5746c5dcecf3a356

  • SHA512

    2b4c6b2fdff27eb259c93bb8465d5810a90460e764c84c769215deace5c711dce3f4d7b076fd3d1e8392bcee9a068ec17a95fc9bd049b9144907f66245984717

  • SSDEEP

    393216:N6AL1DWiFjy2F43KVjCybo8x8CLO0kjl2sDYSUs9Tv:N5L1rFjEKl1oNrJZYyr

Malware Config

Extracted

Family

xworm

Version

5.0

C2

svchost.serveirc.com:1313

Mutex

MML7YiawHlQLefrX

Attributes

  • Install_directory

    %AppData%

  • install_file

    svchost.exe

  • telegram

    https://api.telegram.org/bot7089308942:AAHsTcsMKoz1p6-9kX7OD8cZDlRLQM_DN-A/sendMessage?chat_id=5936200928

aes.plain
1
xF7B4ddJ8+X7RlVw0VlDbQ==

Targets

    • Target

      Download-RedLine-Stealer-Latest-Cleaned-main/RedLine Stealer.zip

    • Size

      17.2MB

    • MD5

      d3d1d5504a838b38d27bfdc29a9bf0ea

    • SHA1

      f6c351251c4b5fa64b852dc2ae6f85cf870a1508

    • SHA256

      4f90b7c87ae9a261936b72f8062c7ffff38f5921dc58794a23084aa0ad95969d

    • SHA512

      7f7dd2471f6aec68b1a2d59b1ccac1cef1142ee9fd734db6b320013dddac3c8e828ec0339765aa4df864e275415862df877971dbec803a3d6b350f034982c781

    • SSDEEP

      393216:y6AL1DWiFjy2F43KVjCybo8x8CLO0kjl2sDYSUs9Tx:y5L1rFjEKl1oNrJZYyl

    • Detect Xworm Payload

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Xworm

      Xworm is a remote access trojan written in C#.

    • Xworm family

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks