
General

  • Target

    d3f3ea77ce48cf9b66dd2e067f8c7555b1b1ba5d8cb3f61a91ce68db5a8e8e7e

  • Size

    1.8MB

  • Sample

    230321-179dradd75

  • MD5

    a631f66eb7c5e6e476ebac0baa5b0dbe

  • SHA1

    3ec553f7caffff701451fad841a7b0d38f538895

  • SHA256

    d3f3ea77ce48cf9b66dd2e067f8c7555b1b1ba5d8cb3f61a91ce68db5a8e8e7e

  • SHA512

    57dfed65f52374400d1f3193442ed2244a6d9797f360a46ef5a998bc8c2a7b30a501f6a0ab080e60541c4f4dce8502e0992d67cb45f69324893c56832438eb45

  • SSDEEP

    24576:W+NO34lJDEfZM7xOeHk/2cGxPEEeY7ucnz0cfhWjH7Ofc+HVKC7+fUi:Wy04lJR7wWk/k9eYtz0cJWj0c+3+si

Malware Config

Extracted

Family

redline

Botnet

mix1

C2

80.85.156.168:20189

Attributes
  • auth_value

    4f9b36b8bfdf2607d3f0e623584037e2

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Suspicious use of NtCreateUserProcessOtherParentProcess (a process created with a parent other than the caller, i.e. parent PID spoofing)

    • Loads dropped DLL

    • Accesses 2FA software files, possible credential harvesting

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext (rewriting a thread's context in another process, as seen in process hollowing and thread hijacking)
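The hashes and the C2 endpoint above are the indicators a SOC would sweep for. The following script is an added example, not tria.ge's or the report's own code: it loads those indicators, validates them so a copy/paste error cannot silently disable a match, and runs them over a handful of constructed Sysmon-style events (event ID 1 for process creation, event ID 3 for network connections). The events, host paths and timestamps are made up for illustration; only the digests and the 80.85.156.168:20189 endpoint come from the report. Note the case normalisation of the Sysmon Hashes field, which reports digests in upper case, and the weaker hit for traffic to the C2 address on a different port.

```python
"""Sweep Sysmon-style events for the RedLine sample and C2 listed in this report.

Indicators are copied from the report above; the events below are constructed
for illustration and are not telemetry from any real host.
"""
import ipaddress
import re

# Indicators from the report (hex digests normalised to lower case).
IOCS = {
    "md5": "a631f66eb7c5e6e476ebac0baa5b0dbe",
    "sha1": "3ec553f7caffff701451fad841a7b0d38f538895",
    "sha256": "d3f3ea77ce48cf9b66dd2e067f8c7555b1b1ba5d8cb3f61a91ce68db5a8e8e7e",
    "c2": [("80.85.156.168", 20189)],
}

HASH_LENGTHS = {"md5": 32, "sha1": 40, "sha256": 64}


def validate_iocs(iocs):
    """Fail loudly on a malformed digest or endpoint instead of matching nothing."""
    for algo, length in HASH_LENGTHS.items():
        value = iocs[algo]
        if not re.fullmatch(r"[0-9a-f]{%d}" % length, value):
            raise ValueError(f"{algo} digest is not {length} lower-case hex chars: {value!r}")
    for ip, port in iocs["c2"]:
        ipaddress.ip_address(ip)  # raises ValueError on a malformed address
        if not 0 < port < 65536:
            raise ValueError(f"bad port {port}")
    return True


def parse_sysmon_hashes(field):
    """Parse Sysmon's Hashes field ('SHA256=AB..,MD5=CD..,IMPHASH=..') into {algo: digest}."""
    out = {}
    for part in field.split(","):
        algo, sep, digest = part.partition("=")
        if sep:
            out[algo.strip().lower()] = digest.strip().lower()
    return out


def match_event(event, iocs):
    """Return the reasons this event matches the report's IOCs (empty list if none)."""
    reasons = []
    image = event.get("Image")
    if event.get("EventID") == 1:  # process creation: compare every digest Sysmon recorded
        for algo, digest in parse_sysmon_hashes(event.get("Hashes", "")).items():
            if algo in HASH_LENGTHS and digest == iocs[algo]:
                reasons.append(f"{algo} matches RedLine sample: {image}")
    elif event.get("EventID") == 3:  # network connection
        ip = event.get("DestinationIp")
        port = int(event.get("DestinationPort", -1))
        for c2_ip, c2_port in iocs["c2"]:
            if ip == c2_ip and port == c2_port:
                reasons.append(f"connection to RedLine C2 {ip}:{port} from {image}")
            elif ip == c2_ip:
                # Same host, different port: worth a look, but not the reported C2 socket.
                reasons.append(f"connection to C2 address {ip} on unlisted port {port} from {image}")
    return reasons


def hunt(events, iocs=IOCS):
    """Return (UtcTime, reason) pairs for every indicator hit across the events."""
    validate_iocs(iocs)
    return [(e.get("UtcTime"), r) for e in events for r in match_event(e, iocs)]


# Constructed Sysmon-like events (not real telemetry). The first is benign, the
# second only shares the C2 address, the last two are the sample and its beacon.
SAMPLE_EVENTS = [
    {"EventID": 1, "UtcTime": "2023-03-21 10:00:01", "Image": r"C:\Windows\explorer.exe",
     "Hashes": "SHA256=" + "0" * 64 + ",MD5=" + "0" * 32},
    {"EventID": 3, "UtcTime": "2023-03-21 10:00:05", "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "DestinationIp": "80.85.156.168", "DestinationPort": "443"},
    {"EventID": 1, "UtcTime": "2023-03-21 10:01:12", "Image": r"C:\Users\Public\setup.exe",
     "Hashes": "SHA256=D3F3EA77CE48CF9B66DD2E067F8C7555B1B1BA5D8CB3F61A91CE68DB5A8E8E7E,"
               "MD5=A631F66EB7C5E6E476EBAC0BAA5B0DBE,IMPHASH=" + "0" * 32},
    {"EventID": 3, "UtcTime": "2023-03-21 10:01:15", "Image": r"C:\Users\Public\setup.exe",
     "DestinationIp": "80.85.156.168", "DestinationPort": "20189"},
]

if __name__ == "__main__":
    for when, reason in hunt(SAMPLE_EVENTS):
        print(when, reason)
```

Run it as-is to see the four hits; in practice, replace SAMPLE_EVENTS with events exported from your SIEM and extend IOCS["c2"] as further RedLine configs are extracted. Matching on the exact IP:port keeps the high-confidence alert tied to what the report actually observed, while the IP-only branch surfaces traffic that deserves review without claiming it is the same C2.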

MITRE ATT&CK Enterprise v6
