General

  • Target: Setup.zip
  • Size: 78.0MB
  • Sample: 221103-1alanahebj
  • MD5: df1718942d28ba72f7a428e9b4abcbda
  • SHA1: a1b4b82ce5299583b7d97d4f32185977fcb8f747
  • SHA256: e0b6712565018f30a97cce0297b20d491fd2424d09eaa64ca385758f48d6f723
  • SHA512: 885fb91df1f922e2d3fad6a69c7561097cc6e436a033d280a09faf4c1066151ada7f5ccfb2ee3bd58a223047dcf5f919de6cfb65118735e0659a81ba0fa3fdda
  • SSDEEP: 1572864:PZIF/W+2Oq5ggbNx0N9zaZIF/W+2Oq5ggbNxUgI6ZIF/W+2Oq5ggbNx1r51y:PkWTOqOOkN4kWTOqOOkf6kWTOqOOlrC

Malware Config

Extracted

  • Family: redline
  • Botnet: 1248769308_99
  • C2: spartanlivestyle.xyz:28786
  • Attributes
    • auth_value: c363f8560ff21ea7f695ac60c01c4f74

Targets

    • Target: Setup.exe
    • Size: 739.9MB
    • MD5: da03cbe050932b35ccb6eb09eddae4f8
    • SHA1: 1cc5786cdf9cd4c09d33b89c0ef8ec83d719d050
    • SHA256: 6b7f08cef7e04fc59d680cc4151cd00fa0c3366ee30f9e42534822c61906bcdf
    • SHA512: a6dda04f333c9e6350976b629a73acb5db4b0cc9e0556960fccb32752010239ca20600686533d2ea0b766da30c9237fbb990bcae6d39e70b2440148b0619f1a6
    • SSDEEP: 3072:TbVLPY8Oqb1GXtquUbPFieoqDJMxU4vTmjiYwqRTsaBuJHPNXJ5xaJVYYPwioGu+:tDd0XtjlxU3BglPN55xowixuYH
    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • Uses the VBS compiler for execution
    • Accesses cryptocurrency files/wallets, possible credential harvesting
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks