General

  • Target

    setup.exe

  • Size

    12.5MB

  • Sample

    230105-zdkb4agg9x

  • MD5

    d7ac9f5311f60a1e99d3547d66f19a4d

  • SHA1

    17a4692a0afbad5be0e94d13d0a7ba5526d1b522

  • SHA256

    5dfc270f4ab0582f5718784c455623755d8fb7a22a2e8db4d98be5ecb913352c

  • SHA512

    c9af04f1324534ff842211f7b4cfa6abb49a8d987fd070a50918c7469b2d4d9d40992c972e51970c6245af12b43f107cdf0dd3f44e87b197d675a5f9ec86da7b

  • SSDEEP

    393216:3xsX4B8eD3F+oI9KtC9N5cfZLxsaZf4nT7P4tU:3GI9FQ3OfZLSPP4q

Malware Config

Extracted

Family

redline

C2

195.20.17.174:80

Attributes

  • auth_value

    cf75908d75b4508135a38c8679c86f6e

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Nirsoft

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext
