
General

  • Target

    072bc2c18f231d71a7309103b429ccfc8fce816c72860b3006a43a88450ffa35

  • Size

    277KB

  • Sample

    230102-jyjy3agh3z

  • MD5

    4354797fd5248c92230121ec6a82d939

  • SHA1

    7d1293d4c1ccee0736ac88951da8bc325abb82c0

  • SHA256

    072bc2c18f231d71a7309103b429ccfc8fce816c72860b3006a43a88450ffa35

  • SHA512

    f13580332683fa1485bb7ffe5de52a0d47f20c467cd077bd6606b20a052b9230045d7083d37bdcf8f2191c5a2478611d84f1c692a98e82d6d70c0d8680cb396f

  • SSDEEP

    3072:jPjx0ADKrqLOwZzoXhdWgMeEdAngc13xa8SM3/zEWOiCoONUMaRXW+iX:TV3EqLOq6hd6eEmuPM3/gWOiBkSAX

Malware Config

Extracted

  • Family

    redline

  • Botnet

    pub4

  • C2

    89.22.231.25:45245

  • Attributes

    auth_value: 0da82ae70515a79fe7ddf40ce11d2c47

Targets

    • Target

      072bc2c18f231d71a7309103b429ccfc8fce816c72860b3006a43a88450ffa35

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Uses the VBS compiler for execution

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks