General

  • Target (analyzed file, listed under Targets below; the size and hashes in this section describe the 124KB submitted sample, not the 285KB target)

    b45c369861674c8d94c2249c1983488585904f21898330a3b435d9d5a5a6c5d1

  • Size

    124KB

  • Sample

    230103-d91s3ach2z

  • MD5

    3e563a57d564aabc935df209fab7726e

  • SHA1

    b2507e59a25674ced81dbdef5bed215d651b9389

  • SHA256

    5e0785abbbf807afc984a87eed6739c071ae85c2025c1b5c44eaa4a6561c2b76

  • SHA512

    bded17559641f7d5f777583fa80a303bcf24882968ead63e4d9d29aab591ebc83ffc318474125f401e77ee4dd2357a17e95a985fccfed688a43247e3a617cec6

  • SSDEEP

    3072:Lqyr7tSAArTxlZQSC+B4OiiLgHbPz/NdOYBuQr0cu:n7SrTHZQaBtJgHbPzFP0cu

Malware Config

Extracted

  • Family

    redline

  • Botnet

    pub4

  • C2

    89.22.231.25:45245

  • Attributes

      • auth_value

        0da82ae70515a79fe7ddf40ce11d2c47
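
The hashes in the General/Targets sections and the extracted C2 above are the parts of this report an analyst actually operationalizes. The following is an added example (not code from Triage or from this report) that turns them into checks: it validates the `ip:port` C2 string, verifies a local copy of the file against the report's digests before it is handled, emits a Suricata rule for the C2, and sweeps connection-log lines for hits. The log line format, the sample log lines and the Suricata SID are assumptions made for the example; the family, botnet, C2, auth_value and target hashes are copied from the report.

```python
import hashlib
import ipaddress
import re

# Values copied from the tria.ge report (family, botnet, C2, auth_value and
# the analyzed target's digests). Everything else here is added example code.
REPORT = {
    "family": "redline",
    "botnet": "pub4",
    "c2": "89.22.231.25:45245",
    "auth_value": "0da82ae70515a79fe7ddf40ce11d2c47",
    "target_hashes": {
        "md5": "90c10a5ed9337bea9e9f7ba220d286c3",
        "sha1": "c12914a4bba77df18707d96cb05991aa847d7487",
        "sha256": "b45c369861674c8d94c2249c1983488585904f21898330a3b435d9d5a5a6c5d1",
    },
}


def parse_c2(value):
    """Split an extracted 'ip:port' string into a validated (ip, port) tuple.

    Raises ValueError for hostnames, malformed addresses or bad ports so a
    corrupt config value never silently becomes a wildcard rule.
    """
    host, sep, port = value.rpartition(":")
    if not sep:
        raise ValueError("expected ip:port")
    ip = ipaddress.ip_address(host)  # raises ValueError on junk / hostnames
    port = int(port)
    if not 1 <= port <= 65535:
        raise ValueError("port out of range")
    return str(ip), port


def check_hashes(data, expected):
    """Compare the bytes of a local copy against the report's digests.

    Returns {algo: bool}; every entry should be True before the file is
    treated as the same sample the report describes.
    """
    return {
        algo: hashlib.new(algo, data).hexdigest() == digest.lower()
        for algo, digest in expected.items()
    }


def suricata_rule(report, sid):
    """Build a Suricata alert for outbound TCP to the extracted C2 (sid is assumed)."""
    ip, port = parse_c2(report["c2"])
    msg = f"MALWARE {report['family']} C2 ({report['botnet']})"
    return (
        f"alert tcp $HOME_NET any -> {ip} {port} "
        f'(msg:"{msg}"; flow:to_server; sid:{sid}; rev:1;)'
    )


# Assumed log line shape: "<timestamp> <src_ip> -> <dst_ip>:<port> <proto>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+->\s+(?P<dst>[\d.]+):(?P<port>\d+)\s+(?P<proto>\w+)"
)


def find_c2_hits(log_lines, report):
    """Return (timestamp, src_ip) for every line whose destination is the C2.

    Only an exact ip:port match counts; the same IP on another port is not a
    hit, and malformed lines are skipped rather than aborting the sweep.
    """
    c2_ip, c2_port = parse_c2(report["c2"])
    hits = []
    for line in log_lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        if (m["proto"].lower() == "tcp"
                and m["dst"] == c2_ip
                and int(m["port"]) == c2_port):
            hits.append((m["ts"], m["src"]))
    return hits


# Constructed sample log lines (not real traffic): one true C2 hit, one
# connection to the same IP on a different port, one unrelated, one garbage.
SAMPLE_LOG = [
    "2023-01-03T10:12:01Z 10.0.0.15 -> 89.22.231.25:45245 tcp",
    "2023-01-03T10:12:03Z 10.0.0.15 -> 89.22.231.25:443 tcp",
    "2023-01-03T10:12:05Z 10.0.0.22 -> 142.250.74.46:443 tcp",
    "garbage line",
]

if __name__ == "__main__":
    print(suricata_rule(REPORT, 9000001))
    for ts, src in find_c2_hits(SAMPLE_LOG, REPORT):
        print(f"{ts} {src} contacted the RedLine C2")
```

Run `check_hashes(open(path, "rb").read(), REPORT["target_hashes"])` on a local copy before detonating or sharing it; a False for any algorithm means it is not the file this report describes.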

Targets

    • Target

      b45c369861674c8d94c2249c1983488585904f21898330a3b435d9d5a5a6c5d1

    • Size

      285KB

    • MD5

      90c10a5ed9337bea9e9f7ba220d286c3

    • SHA1

      c12914a4bba77df18707d96cb05991aa847d7487

    • SHA256

      b45c369861674c8d94c2249c1983488585904f21898330a3b435d9d5a5a6c5d1

    • SHA512

      c84946f98ba7e88445ab7738da694610f914087696f9839224f994770934ba22bf4501319d4789cef1bb63694c6bec35866d54518aae8efdbccbb7616e3c8880

    • SSDEEP

      6144:KWd94PYZfJfeB76+rG2lL0BEWD1wjMSfsog4DCRl:KWd94PYRmGKYBEWhwbfbg4DCP

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Uses the VBS compiler for execution (the .NET Framework Visual Basic compiler, vbc.exe, was launched during the run)

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext (rewriting another thread's context is a common step in process hollowing, where a suspended process is repurposed to run injected code)

MITRE ATT&CK Enterprise v6

Tasks