General

  • Target: b67148279cb0eccef45564104edd28528895706d8f15f.exe
  • Size: 276KB
  • Sample: 230116-elscfsch5t
  • MD5: 972f7adfdb8698188f4823ab492a57fa
  • SHA1: 5c2b3d50742dddbffbb1c568104805beb9001d65
  • SHA256: b67148279cb0eccef45564104edd28528895706d8f15fc9a806387f5bcc8752f
  • SHA512: 2da2e73cab249853078d7d35a24806b1c15112ad976329ca3fe7bf16c84ad6614070e7163b6a614193cb91924463a2eadd4a8f98544048b6b2229b4a4b8bed3a
  • SSDEEP: 6144:ExoZEhkyxrgb6rV4Vnsc5xxNMMbVaT5hYovGINYO:vZEj06rV3cXcT5hHR

Malware Config

Extracted

  • Family: redline
  • Botnet: 1
  • C2:
    librchichelpai.shop:81
    rniwondunuifac.shop:81
  • Attributes
    • auth_value: b6c86adb7106e9ee7247628f59e06830

Targets

    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks