General

  • Target: file
  • Size: 2.1MB
  • Sample: 230202-t4xr8aag57
  • MD5: d1433f5b2eada044678af57d87ee31e5
  • SHA1: 0493152ee8d18335fa5043be0f80d12331f2ea00
  • SHA256: 95702883e883a7fa3f7f20ecf6713b03cd00469644d777b73f36351db97ef3c2
  • SHA512: 80dcff2d4e4001d8adb4eff0963921e4335c80bde476492996e74762918663bc84627ae9ca73023f75f799143d3101939ce0a599fafa164f9750481e4bb680c2
  • SSDEEP: 49152:V5OaOl3UYvrbFueD40EJbAXOUghn/WsAXZ//t:V59Q3UYvrBusTM8OUgNLY

Malware Config

Extracted

  • Family: redline
  • Botnet: LogsDiller Cloud (TG: @logsdillabot)
  • C2: 51.210.137.6:47909
  • Attributes
    • auth_value: 3a050df92d0cf082b2cdaf87863616be

Targets

    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • Checks computer location settings: Looks up the country code configured in the registry, likely a geofence.
    • Executes dropped EXE
    • Loads dropped DLL
    • Uses the VBS compiler for execution
    • Accesses cryptocurrency files/wallets, possible credential harvesting
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks