General

  • Target

    ad704ae529bf043358e8393838ccea12.exe

  • Size

    282KB

  • Sample

    230102-mghlfsdh64

  • MD5

    ad704ae529bf043358e8393838ccea12

  • SHA1

    b5baed3a38a0eea3a30214821b4e64eb0006fd1f

  • SHA256

    e6695283447e08a992fde58b23bb0e3bcdf8111d69ba3caf96b16869b3c994e6

  • SHA512

    ab12192d56433ac4364401771f3ba17f187af9190c9bc4cacce2b1ccc0da42ed096d7c3936612158ba8f2b351464c8a46e1db78bebc6d9d3baeefe6614ec0052

  • SSDEEP

    3072:MJ4fA8oE7AvZdlCR+zM/rgITMWPYlO4myQ9B0nk0kebT4tAMq/HhMlun5jHMusH:cWA8oEoCRj/rVTF9mnjcA7ZQu54us

Malware Config

Extracted

Family

redline

C2

95.216.252.182:4277

Attributes

  • auth_value

    a909e2aaecf96137978fea4f86400b9b

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext
