
General

  • Target

    8ab66ceac904f94d36ea745f5bc9b0a976f6b7cd7c301b5549371829ee5754e5

  • Size

    429KB

  • Sample

    220908-m5nsdabfaj

  • MD5

    cec2f747dbbbef10f7b16ebb9fd75e19

  • SHA1

    c20b3b5a0972d6e5c588cf6655b0250b0104e0f7

  • SHA256

    8ab66ceac904f94d36ea745f5bc9b0a976f6b7cd7c301b5549371829ee5754e5

  • SHA512

    6b95d43d6009d7e63c4b3e337e74255bc84cb01add9f63873d36b193cae0b7078c0745b508507828c0aa1f09be264042920d4848dea2cdba16c7800f66156814

  • SSDEEP

    12288:wAz1gZ0KtvusH5ntDfR0Veh+6udJ0iycbxOygJ3bmLJ:91w5nB+VeAv/bx3gbA

Malware Config

Extracted

Family

redline

Botnet

nam5

C2

103.89.90.61:34589

Attributes
  • auth_value

    f23be8e9063fe5d0c6fc3ee8e7d565bd

Targets

    • Target

      8ab66ceac904f94d36ea745f5bc9b0a976f6b7cd7c301b5549371829ee5754e5

    • Size

      429KB

    • MD5

      cec2f747dbbbef10f7b16ebb9fd75e19

    • SHA1

      c20b3b5a0972d6e5c588cf6655b0250b0104e0f7

    • SHA256

      8ab66ceac904f94d36ea745f5bc9b0a976f6b7cd7c301b5549371829ee5754e5

    • SHA512

      6b95d43d6009d7e63c4b3e337e74255bc84cb01add9f63873d36b193cae0b7078c0745b508507828c0aa1f09be264042920d4848dea2cdba16c7800f66156814

    • SSDEEP

      12288:wAz1gZ0KtvusH5ntDfR0Veh+6udJ0iycbxOygJ3bmLJ:91w5nB+VeAv/bx3gbA

    • RedLine

      RedLine Stealer is an information-stealing malware family written in C# (.NET), first seen in early 2020. It collects browser credentials and cookies, cryptocurrency wallet data and system information and sends them to a configured C2 server; the botnet name, C2 endpoint and auth_value listed under Malware Config above are read from that embedded configuration.

    • RedLine payload

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

      SetThreadContext is typically seen when a loader redirects a suspended thread's entry point to injected code (process hollowing). By itself it is a weak signal; here it is corroborated by the RedLine payload match above.
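The extracted config and the hash list above are the indicators a responder would pivot on. The following Python script is an added example, not part of the Triage report or of Hatching's tooling: it checks whether a local file is the analysed sample by recomputing the report's digests, and scans connection log lines for the extracted C2 host and port together (matching the IP alone would also flag unrelated traffic to a shared host). The hashes and C2 are copied from the report; the log format and the log lines are constructed for illustration, and ssdeep is omitted because it needs the non-stdlib `ssdeep` module.

```python
"""Verify a local file against the Triage report's hashes and hunt the
extracted RedLine C2 endpoint in connection logs.

Added example, not part of the Triage report or of any Hatching tooling.
Hashes and C2 are copied from the report; the log format and log lines
are constructed. ssdeep is skipped (requires the non-stdlib `ssdeep` module).
"""
import hashlib
import re

# Indicators taken from the report above.
REPORT_IOCS = {
    "md5": "cec2f747dbbbef10f7b16ebb9fd75e19",
    "sha1": "c20b3b5a0972d6e5c588cf6655b0250b0104e0f7",
    "sha256": "8ab66ceac904f94d36ea745f5bc9b0a976f6b7cd7c301b5549371829ee5754e5",
    "sha512": "6b95d43d6009d7e63c4b3e337e74255bc84cb01add9f63873d36b193cae0b707"
              "8c0745b508507828c0aa1f09be264042920d4848dea2cdba16c7800f66156814",
}
C2 = "103.89.90.61:34589"


def hashes_of(data: bytes) -> dict:
    """Return md5/sha1/sha256/sha512 hex digests of the given bytes."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def verify_sample(data: bytes, expected: dict = REPORT_IOCS) -> dict:
    """Compare each digest of `data` with the report; True where they agree.

    A mismatch on every algorithm means this is not the analysed file
    (repacked, truncated, or a different stage of the same campaign).
    """
    actual = hashes_of(data)
    return {name: actual[name] == expected[name].lower() for name in expected}


def parse_endpoint(endpoint: str) -> tuple:
    """Split 'host:port' into (host, int(port))."""
    host, _, port = endpoint.rpartition(":")
    return host, int(port)


# Constructed log format (not a real product's): one connection per line,
# e.g. "<ts> src=<ip>:<port> dst=<ip>:<port> proto=tcp".
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+src=(?P<src>\S+)\s+dst=(?P<dst_host>[^:\s]+):(?P<dst_port>\d+)"
)


def find_c2_connections(log_lines, endpoint: str = C2) -> list:
    """Return (timestamp, src) pairs for lines whose destination is the C2.

    Host *and* port must match: a shared hosting IP may carry unrelated
    traffic on other ports, so an IP-only match over-alerts.
    """
    host, port = parse_endpoint(endpoint)
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if m and m.group("dst_host") == host and int(m.group("dst_port")) == port:
            hits.append((m.group("ts"), m.group("src")))
    return hits


# Constructed sample log: two beaconing connections and two unrelated ones.
SAMPLE_LOG = [
    "2022-09-08T12:00:01Z src=10.0.0.5:49812 dst=103.89.90.61:34589 proto=tcp",
    "2022-09-08T12:00:03Z src=10.0.0.5:49813 dst=142.250.74.78:443 proto=tcp",
    "2022-09-08T12:05:01Z src=10.0.0.5:49820 dst=103.89.90.61:34589 proto=tcp",
    "2022-09-08T12:06:10Z src=10.0.0.9:51000 dst=103.89.90.61:80 proto=tcp",
]

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            print("hash check:", verify_sample(fh.read()))
    print("C2 hits:", find_c2_connections(SAMPLE_LOG))
```

Run it with the path of a suspected sample as the first argument to compare digests; without an argument it only runs the log scan over the constructed lines. The C2 endpoint reflects the configuration extracted at analysis time (sample 220908-m5nsdabfaj); stealer operators rotate infrastructure, so treat it as a dated indicator and rely on the hashes to identify this specific build.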

MITRE ATT&CK Enterprise v6

Tasks