General

  • Target: f9a74c4f0566f6f2095cb8224c2e76adcbae051a1d0b649e0af3eccb1d468787
  • Size: 838KB
  • Sample: 230210-vqhltabf71
  • MD5: 8d6b247e8d3fb7f100eb8695b4acaf77
  • SHA1: 03844f5ca6a7f9203825724ac4e32ccb369b31b3
  • SHA256: f9a74c4f0566f6f2095cb8224c2e76adcbae051a1d0b649e0af3eccb1d468787
  • SHA512: ea374fb0007f0021b455d7c80bcf74fb77250fe330164932ee33a6c2430c255ee8ff5ee1a6f89679c22e0347873f8714a044101ff3402c8f6230f9f748e82db9
  • SSDEEP: 12288:YMrPy90m6K8CXPSdLcidfTYCO+rOnbtRwTHakPutNp16eYLU3HSEdAgCC:3yJ6PCGc2f7O+YpRM6quPrHwcRCC

Malware Config

Extracted

  • Family: redline
  • Botnet: crypt1
  • C2: 176.113.115.17:4132
  • Attributes
    • auth_value: 2e2ca7bbceaa9f98252a6f9fc0e6fa86

Targets

    • Target: f9a74c4f0566f6f2095cb8224c2e76adcbae051a1d0b649e0af3eccb1d468787

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
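A hunting helper for the indicators this report extracts, as an added example that is not part of the tria.ge report or of the sample: it parses the C2 from the Malware Config above and matches it against Sysmon network-connection events, and flags Run-key writes of the kind the "Adds Run key to start application" signature describes. The Sysmon JSON field names (EventID 3 for network connections, EventID 13 for registry value sets) are the standard ones, but every event in the list is constructed for the example, the "value data points into a user-writable directory" heuristic is an assumption, and the Image paths are placeholders rather than anything observed in the analysis.

```python
"""Hunt for this report's indicators in Sysmon-style JSON events.

Added example, not part of the tria.ge report. The events below are
constructed; only the C2 address and botnet id come from the report.
"""
from __future__ import annotations

import ipaddress
import json
import re

# Indicators taken from the report's extracted config.
C2 = "176.113.115.17:4132"
BOTNET = "crypt1"

# Run/RunOnce value paths under any hive (HKLM, HKU\<sid>, HKCU).
RUN_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.IGNORECASE
)
# Heuristic (assumption): stealers drop into user-writable directories, while
# legitimate installers usually register binaries under Program Files.
USER_WRITABLE_RE = re.compile(r"\\(AppData|Temp|Downloads|Public)\\", re.IGNORECASE)


def parse_c2(c2: str) -> tuple[str, int]:
    """Split the 'ip:port' string as reported; reject hostnames and bad ports."""
    host, sep, port = c2.rpartition(":")
    if not sep:
        raise ValueError(f"no port in {c2!r}")
    ipaddress.ip_address(host)  # raises ValueError unless an IP literal
    port_n = int(port)
    if not 0 < port_n < 65536:
        raise ValueError(f"bad port {port_n}")
    return host, port_n


def is_c2_connection(ev: dict, ip: str, port: int) -> bool:
    """Sysmon EventID 3 whose destination is the configured RedLine C2."""
    return (
        ev.get("EventID") == 3
        and ev.get("DestinationIp") == ip
        and int(ev.get("DestinationPort", -1)) == port
    )


def is_run_key_persistence(ev: dict) -> bool:
    """Sysmon EventID 13 setting a Run/RunOnce value that launches a binary
    from a user-writable directory (the 'Adds Run key' behaviour above)."""
    if ev.get("EventID") != 13:
        return False
    if not RUN_KEY_RE.search(ev.get("TargetObject", "")):
        return False
    return bool(USER_WRITABLE_RE.search(ev.get("Details", "")))


def hunt(json_lines: list[str], c2: str = C2) -> list[tuple[str, str]]:
    """Return (rule, Image) for every event matching one of the indicators."""
    ip, port = parse_c2(c2)
    hits: list[tuple[str, str]] = []
    for line in json_lines:
        ev = json.loads(line)
        if is_c2_connection(ev, ip, port):
            hits.append(("redline_c2", ev.get("Image", "")))
        if is_run_key_persistence(ev):
            hits.append(("run_key_persistence", ev.get("Image", "")))
    return hits


# Constructed events (not real telemetry): a benign TLS connection, a beacon to
# the reported C2, a benign installer Run key, and a Run key written by a
# dropped executable in AppData (203.0.113.10 is a TEST-NET address).
SAMPLE_EVENTS = [
    json.dumps({"EventID": 3, "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
                "DestinationIp": "203.0.113.10", "DestinationPort": 443, "Protocol": "tcp"}),
    json.dumps({"EventID": 3, "Image": r"C:\Users\alice\AppData\Roaming\svhost.exe",
                "DestinationIp": "176.113.115.17", "DestinationPort": 4132, "Protocol": "tcp"}),
    json.dumps({"EventID": 13, "Image": r"C:\Windows\System32\msiexec.exe",
                "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorAgent",
                "Details": r"C:\Program Files\Vendor\agent.exe"}),
    json.dumps({"EventID": 13, "Image": r"C:\Users\alice\AppData\Roaming\svhost.exe",
                "TargetObject": r"HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Run\svhost",
                "Details": r"C:\Users\alice\AppData\Roaming\svhost.exe"}),
]

if __name__ == "__main__":
    for rule, image in hunt(SAMPLE_EVENTS):
        print(f"{rule:22} {image}")
```

The C2 match is exact on IP and port because that is all the extracted config gives; RedLine operators rotate addresses, so treat the hit as a pivot for the botnet id rather than a long-lived rule. The Run-key check deliberately ignores the msiexec write to Program Files so that ordinary software installs do not fire it.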

MITRE ATT&CK Enterprise v6

Tasks