Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    file.exe

  • Size

    1.4MB

  • Sample

    221104-yks25saea6

  • MD5

    34fe5a37c7921bbdaacbd9d6390e5eb9

  • SHA1

    69f9c57638e112232d315ef4d85af55151e9be90

  • SHA256

    fb510aeb78ac861e75a3d79ee2926d44121eaac29bdfac8878f2cd3cd4c2553a

  • SHA512

    a04662319b0385c6b59d4b6011e7e0b6effa73e978026d9d4a9744eae88a3f1d9019fae1a04427b01a134fc24e10947d86ecd9da2506bcb66ee18e4de83e34bd

  • SSDEEP

    24576:D71Y1FecMTBP8fVsJzoqmT56nYNk9A0IPkpo6tNOPQBI2WI0aCw28BueGl3ejZvT:mFecANeVsoD5WYO9A7k66tNYQa26aCeV

Malware Config

Extracted

Family

redline

Botnet

1310

C2

79.137.192.57:48771

Attributes
  • auth_value

    feb5f5c29913f32658637e553762a40e

Targets

    • Target

      file.exe

    • Size

      1.4MB

    • MD5

      34fe5a37c7921bbdaacbd9d6390e5eb9

    • SHA1

      69f9c57638e112232d315ef4d85af55151e9be90

    • SHA256

      fb510aeb78ac861e75a3d79ee2926d44121eaac29bdfac8878f2cd3cd4c2553a

    • SHA512

      a04662319b0385c6b59d4b6011e7e0b6effa73e978026d9d4a9744eae88a3f1d9019fae1a04427b01a134fc24e10947d86ecd9da2506bcb66ee18e4de83e34bd

    • SSDEEP

      24576:D71Y1FecMTBP8fVsJzoqmT56nYNk9A0IPkpo6tNOPQBI2WI0aCw28BueGl3ejZvT:mFecANeVsoD5WYO9A7k66tNYQa26aCeV

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks