General

  • Target

    e2e8420230de05eec65c4801d2e928b6390de12f9c862fbd9959a1fb2a3bb0af

  • Size

    2.4MB

  • Sample

    221029-kyf3vaagap

  • MD5

    2c6f646f0757dfc55776b6a5c99e4a6d

  • SHA1

    bbe5541e23524ce04558293962b87e144e39892b

  • SHA256

    e2e8420230de05eec65c4801d2e928b6390de12f9c862fbd9959a1fb2a3bb0af

  • SHA512

    23b7cf8e8de5a26ea0f162969eefca7a7f005f67493938c62c32e7210cb1a2d5f3d97e09232a41ada6512353915a37b2fc4701cb2c941073a398722a682392a5

  • SSDEEP

    49152:CyByhf6eqFDEaSPiVCTh/ouN8s7LaI/p4hpH+/u/DkmH:CyByhf6eqFDEaGiVEBiqvSSG/bH

Malware Config

Extracted

Family

redline

Botnet

1310

C2

79.137.192.57:48771

Attributes

  • auth_value

    feb5f5c29913f32658637e553762a40e

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Uses the VBS compiler for execution

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks