General

  • Target

    inject.zip

  • Size

    334KB

  • Sample

    230211-ysawjagh98

  • MD5

    57687c6490fd4dff74785936efb582fa

  • SHA1

    d36c8de8e9807b49ca9c55eaa53c6b7a35aa436e

  • SHA256

    a0224249bba012dbeced74e6e79e7f328f0619aaab417c1d21fe795dcbee3d66

  • SHA512

    a15b93b2478f13e3543357b9dedacbbfaf93ffa4077945f908a949be59a473b9e8cd99c8df5092591839727ab23072b0ac8e9a7e9905db51c9a71171a19ae525

  • SSDEEP

    6144:R2pWagLRk18+8fW23vclpCRBgL+hn7iGUwRzL2V3jFZ4KEMZi:R2pgC18NW23wpCQLsJ32V3jFZ4KEz

Malware Config

Extracted

Family

redline

C2

82.115.223.46:57672

Attributes

  • auth_value

    0b419e4e1ec3f5b460f1ca0a8cbe4916

Targets

    • Target

      inject/loader.exe

    • Size

      2.5MB

    • MD5

      dd395bc1d5cd54dedca7d49ce67c1e86

    • SHA1

      06a0c7fbbf0a371cfa33dba7dc43dc99633cb426

    • SHA256

      2d7d8424f6c2664edc9f09504950732cfcb25271cda56b6dc4804e159eba2c29

    • SHA512

      56b41adce07ab6041bf9dedd2e549c65151bca48cbe6b5a06c70bb256d954a947a71c3e37e6ffe2cc6782e9170ce7374c8709a95bf2b7ab03a64626902ffedce

    • SSDEEP

      6144:c3x2qt7guV4/dm74iqu4X3q08AO7l2D1F9cghcwpCbmsLjSrvSAfa8ka:c4qt7guV4NGHs17cgodjSreC

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext
