Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    file

  • Size

    1.8MB

  • Sample

    221106-msh2csaddn

  • MD5

    c4a34dadd5bdd435bbd2b601216a8845

  • SHA1

    0e98ada0fb38b22ce20aff1d5c1bca3959e330bc

  • SHA256

    6dc671b1584fa593d98f07d458f6f251b7a5be61d06a5fc8e197906010f5f30e

  • SHA512

    44eecce62f327a64e1f002c3b46a45a8b0c95e844f4d7c91f5ad3db9fd83bf2eeb927bc3df544c60b2c2e0fe7aa455bbacc844f581cccf4762dcbd5b1fe0aa40

  • SSDEEP

    24576:iPXk9u1zxwjp6oU3e4Kspw8NWOY4hqPGWXYQJk/8mckkcmOJZGyzzoV:x9u1VINB45pTtpmGGCsUmq74V

Malware Config

Extracted

Family

redline

Botnet

Ross Trafer

C2

79.137.204.225:35366

Attributes
  • auth_value

    c13df8b0f711231b91be845c727b3945

Targets

    • Target

      file

    • Size

      1.8MB

    • MD5

      c4a34dadd5bdd435bbd2b601216a8845

    • SHA1

      0e98ada0fb38b22ce20aff1d5c1bca3959e330bc

    • SHA256

      6dc671b1584fa593d98f07d458f6f251b7a5be61d06a5fc8e197906010f5f30e

    • SHA512

      44eecce62f327a64e1f002c3b46a45a8b0c95e844f4d7c91f5ad3db9fd83bf2eeb927bc3df544c60b2c2e0fe7aa455bbacc844f581cccf4762dcbd5b1fe0aa40

    • SSDEEP

      24576:iPXk9u1zxwjp6oU3e4Kspw8NWOY4hqPGWXYQJk/8mckkcmOJZGyzzoV:x9u1VINB45pTtpmGGCsUmq74V

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks