General

  • Target: 8fa4a6c523ea164810039b279197b46e473f997f25f4e9cc936b39ee79df99ad
  • Size: 257KB
  • Sample: 221105-ywmdqshdg4
  • MD5: 752f3c51cec694c17bdc6f881e5ad740
  • SHA1: 61f2686c1ba4b7da72a2047ba1552240618e005d
  • SHA256: 8fa4a6c523ea164810039b279197b46e473f997f25f4e9cc936b39ee79df99ad
  • SHA512: 3a1960a621be977c0663543ea79ce2daf2ab05e5ff2c872878d1c03a9e53ee37e5a645e29de421862a54a653d7b986e8034b2237e2697ecad518967278e4d7c1
  • SSDEEP: 6144:jUTIt3vbSenezxXnyg6QpOwY1en1pBAhcs3zd+QYMbl:jUTIt3vbSnyg/OHd+vQl

Malware Config

Extracted

  • Family: redline
  • Botnet: Google2
  • C2: 167.235.71.14:20469
  • Attributes
      • auth_value: fb274d9691235ba015830da570a13578

Targets

    • Target: 8fa4a6c523ea164810039b279197b46e473f997f25f4e9cc936b39ee79df99ad

    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • Uses the VBS compiler for execution
    • Accesses cryptocurrency files/wallets, possible credential harvesting
    • Suspicious use of SetThreadContext
