General

  • Target

    bd40336588cb5f490f89cbb65510b4a8945608f36c49542d59cfa9915a7b4736

  • Size

    1.4MB

  • Sample

    221103-l3w6asbchj

  • MD5

    0a507e42406ab120c12eda49853c7a95

  • SHA1

    870832058c47fa7edf6af705e926d82716cd855c

  • SHA256

    bd40336588cb5f490f89cbb65510b4a8945608f36c49542d59cfa9915a7b4736

  • SHA512

    cda0a1317dfd2799161498a51dda83d07d6eaed283a4bd43f17341be709fa6b4a69e5370ace44df3b14ad24308ab1fb24dba29ab71b6d10c16c82233ef20b452

  • SSDEEP

    24576:851Y/eaCUXf9V4e+3wpvtLDaSz9rk3fKaTIs5C69ufScu/+BR274numvPKb0fHof:feaCUXfXz+3wpvtKS9k3XzLuqcu/mR2J

Malware Config

Extracted

Family

redline

Botnet

1310

C2

79.137.192.57:48771

Attributes
  • auth_value

    feb5f5c29913f32658637e553762a40e
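The extracted config above gives one concrete network indicator (the C2 host:port) and a botnet tag. The following script is an added example, not part of the tria.ge report or of any tria.ge tooling: it parses the config block into indicators, matches them against Zeek-style conn.log records (the log lines are constructed for this example) and emits a Suricata rule. The sid value is a caller-supplied placeholder in the local range and the field layout of the sample records is an assumption.

```python
"""Turn the RedLine config extracted in this report into network indicators,
check them against conn.log-style records and emit a Suricata rule.
Added example; the log records below are constructed, not captured."""
import ipaddress
from typing import Iterator

# Values copied from the Malware Config section of this report.
REDLINE_CONFIG = {
    "family": "redline",
    "botnet": "1310",
    "c2": ["79.137.192.57:48771"],
    "auth_value": "feb5f5c29913f32658637e553762a40e",
}


def parse_c2(entry: str) -> tuple[str, int]:
    """Split a 'host:port' C2 string and validate the IP and port range."""
    host, sep, port = entry.rpartition(":")
    if not sep or not port.isdigit():
        raise ValueError(f"malformed C2 entry: {entry!r}")
    ipaddress.ip_address(host)  # raises ValueError for a non-IP host
    port_num = int(port)
    if not 0 < port_num < 65536:
        raise ValueError(f"port out of range in C2 entry: {entry!r}")
    return host, port_num


def c2_indicators(config: dict) -> set[tuple[str, int]]:
    """All (ip, port) pairs from the config's C2 list."""
    return {parse_c2(c) for c in config["c2"]}


# Constructed Zeek conn.log-style records (tab separated, assumed layout):
# ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto
SAMPLE_CONN_LOG = """\
1667471201.123\tCxyz1\t10.0.0.15\t49713\t79.137.192.57\t48771\ttcp
1667471202.456\tCxyz2\t10.0.0.15\t49714\t142.250.74.78\t443\ttcp
1667471203.789\tCxyz3\t10.0.0.22\t51000\t79.137.192.57\t80\ttcp
1667471204.000\tCxyz4\t10.0.0.15\t49715\t79.137.192.57\t48771\ttcp
"""

CONN_FIELDS = ("ts", "uid", "orig_h", "orig_p", "resp_h", "resp_p", "proto")


def conn_records(log_text: str) -> Iterator[dict]:
    """Yield one dict per well-formed record; skip comments and short lines."""
    for line in log_text.splitlines():
        if not line or line.startswith("#"):
            continue
        parts = line.split("\t")
        if len(parts) != len(CONN_FIELDS):
            continue
        yield dict(zip(CONN_FIELDS, parts))


def match_c2(log_text: str, config: dict) -> list[dict]:
    """Return records whose responder ip:port equals an extracted C2.
    Port is part of the key, so traffic to the same IP on another port
    (e.g. port 80 in the sample) is not reported as a C2 hit."""
    iocs = c2_indicators(config)
    return [
        rec for rec in conn_records(log_text)
        if (rec["resp_h"], int(rec["resp_p"])) in iocs
    ]


def suricata_rules(config: dict, first_sid: int) -> list[str]:
    """One IP/port alert rule per C2; first_sid is a caller-chosen local sid
    (assumption: use your own allocated range, e.g. >= 1000000)."""
    rules = []
    for n, (host, port) in enumerate(sorted(c2_indicators(config))):
        msg = f"{config['family']} C2 botnet {config['botnet']}"
        rules.append(
            f'alert tcp $HOME_NET any -> {host} {port} (msg:"{msg}"; '
            f"classtype:trojan-activity; sid:{first_sid + n}; rev:1;)"
        )
    return rules


if __name__ == "__main__":
    for hit in match_c2(SAMPLE_CONN_LOG, REDLINE_CONFIG):
        print("C2 hit:", hit["uid"], hit["orig_h"], "->", hit["resp_h"], hit["resp_p"])
    print("\n".join(suricata_rules(REDLINE_CONFIG, 1000001)))
```

Matching on the full ip:port pair rather than the bare IP keeps the indicator specific to the extracted config; if the same host is later seen on a different port, that is a separate observation to triage, not an automatic match.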

Targets

    • Target

      bd40336588cb5f490f89cbb65510b4a8945608f36c49542d59cfa9915a7b4736

    • Size

      1.4MB

    • MD5

      0a507e42406ab120c12eda49853c7a95

    • SHA1

      870832058c47fa7edf6af705e926d82716cd855c

    • SHA256

      bd40336588cb5f490f89cbb65510b4a8945608f36c49542d59cfa9915a7b4736

    • SHA512

      cda0a1317dfd2799161498a51dda83d07d6eaed283a4bd43f17341be709fa6b4a69e5370ace44df3b14ad24308ab1fb24dba29ab71b6d10c16c82233ef20b452

    • SSDEEP

      24576:851Y/eaCUXf9V4e+3wpvtLDaSz9rk3fKaTIs5C69ufScu/+BR274numvPKb0fHof:feaCUXfXz+3wpvtKS9k3XzLuqcu/mR2J

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks