General

  • Target: 4a191c762591703dbbfabfcc04586b778ba2c93d2ae0f26041c95da21b87dc5e
  • Size: 251KB
  • Sample: 230215-v6awxacg9s
  • MD5: a964af3c28ddb8261c7fcb4a2c32bca9
  • SHA1: 9183e0d998b16edcef55c12d28386a1ee657de7b
  • SHA256: 4a191c762591703dbbfabfcc04586b778ba2c93d2ae0f26041c95da21b87dc5e
  • SHA512: ea3e91dbfbe38a234a8d7957f7854e68377b8db1b181a0e9064b050403345c64a333bd41f702187be88a6e05bc991e0b59e34813f44acd219c88aafb931d1466
  • SSDEEP: 6144:zaAELcw3oMjkYvQUbsKidemEt9cr+cOz+8nWIYT+H0iF47wO:zaAELcw3oMjkYvQUbs9dcI+cOw7T+Hbu

Malware Config

Extracted

  • Family: redline
  • C2: 95.217.146.176:4287
  • Attributes
      • auth_value: a909e2aaecf96137978fea4f86400b9b

Targets

    • Target: 4a191c762591703dbbfabfcc04586b778ba2c93d2ae0f26041c95da21b87dc5e
    • Size: 251KB
    • MD5: a964af3c28ddb8261c7fcb4a2c32bca9
    • SHA1: 9183e0d998b16edcef55c12d28386a1ee657de7b
    • SHA256: 4a191c762591703dbbfabfcc04586b778ba2c93d2ae0f26041c95da21b87dc5e
    • SHA512: ea3e91dbfbe38a234a8d7957f7854e68377b8db1b181a0e9064b050403345c64a333bd41f702187be88a6e05bc991e0b59e34813f44acd219c88aafb931d1466
    • SSDEEP: 6144:zaAELcw3oMjkYvQUbsKidemEt9cr+cOz+8nWIYT+H0iF47wO:zaAELcw3oMjkYvQUbs9dcI+cOw7T+Hbu

    Signatures

    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • Accesses cryptocurrency files/wallets, possible credential harvesting
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks