General

  • Target: d3f3ea77ce48cf9b66dd2e067f8c7555b1b1ba5d8cb3f61a91ce68db5a8e8e7e
  • Size: 1.8MB
  • Sample: 230321-179dradd75
  • MD5: a631f66eb7c5e6e476ebac0baa5b0dbe
  • SHA1: 3ec553f7caffff701451fad841a7b0d38f538895
  • SHA256: d3f3ea77ce48cf9b66dd2e067f8c7555b1b1ba5d8cb3f61a91ce68db5a8e8e7e
  • SHA512: 57dfed65f52374400d1f3193442ed2244a6d9797f360a46ef5a998bc8c2a7b30a501f6a0ab080e60541c4f4dce8502e0992d67cb45f69324893c56832438eb45
  • SSDEEP: 24576:W+NO34lJDEfZM7xOeHk/2cGxPEEeY7ucnz0cfhWjH7Ofc+HVKC7+fUi:Wy04lJR7wWk/k9eYtz0cJWj0c+3+si

Malware Config

Extracted

  • Family: redline
  • Botnet: mix1
  • C2: 80.85.156.168:20189
  • Attributes
      ◦ auth_value: 4f9b36b8bfdf2607d3f0e623584037e2

Targets

    • Target: d3f3ea77ce48cf9b66dd2e067f8c7555b1b1ba5d8cb3f61a91ce68db5a8e8e7e (hashes and size as listed under General above)

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Loads dropped DLL

    • Accesses 2FA software files, possible credential harvesting

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks