General

  • Target: c10be29a8627038dae52891fb7dd2a3ba63af3709e5bc6dd27032db367d2e7db
  • Size: 354KB
  • Sample: 230104-tjsmrsca7w
  • MD5: 0a7abae3ad10992088d18900ce46b028
  • SHA1: 721fbb3899b3715f0e0a0d8c9b4b4010698a6dd4
  • SHA256: c10be29a8627038dae52891fb7dd2a3ba63af3709e5bc6dd27032db367d2e7db
  • SHA512: a3d9682da8b8226c084e0d4ef292cceffdea2798fb6be74aeb978530eda5bcad39e21307f1fc378c65da215770c3e5a321470480ab97a44b0cc294db76a85751
  • SSDEEP: 6144:uBCl5mIuQVNkMG2Ui1TNVAOj6/Wx72Lkc9kALq5T:YCTmIpGCNJey9c9pq5

Malware Config

Extracted

  • Family: redline
  • Botnet: pub2
  • C2: 89.22.231.25:45245

Attributes

  • auth_value: ea9464d486a641bb513057e5f63399e1

Targets

    • Target: c10be29a8627038dae52891fb7dd2a3ba63af3709e5bc6dd27032db367d2e7db
    • Size: 354KB
    • MD5: 0a7abae3ad10992088d18900ce46b028
    • SHA1: 721fbb3899b3715f0e0a0d8c9b4b4010698a6dd4
    • SHA256: c10be29a8627038dae52891fb7dd2a3ba63af3709e5bc6dd27032db367d2e7db
    • SHA512: a3d9682da8b8226c084e0d4ef292cceffdea2798fb6be74aeb978530eda5bcad39e21307f1fc378c65da215770c3e5a321470480ab97a44b0cc294db76a85751
    • SSDEEP: 6144:uBCl5mIuQVNkMG2Ui1TNVAOj6/Wx72Lkc9kALq5T:YCTmIpGCNJey9c9pq5

    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • Uses the VBS compiler for execution
    • Accesses cryptocurrency files/wallets, possible credential harvesting
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks