General

  • Target: Run.exe
  • Size: 258KB
  • Sample: 230321-vx7jhseb7w
  • MD5: 2f197fca331cfb3b9975b0060c79f535
  • SHA1: a9ab2a146053729fcda6f27c1fbc44301ee3de2a
  • SHA256: 119e98871567c82fd70bf47caa657ae9865f15e369ac2c381be23f3a2c8418c4
  • SHA512: af13007c41605eb424e3e1cd47017564d244148ce26b192eed04cc64564cbc64cb71aa6e96b37d2d6685fad6a6e15603cf7fb68776ac1d3b9485ca802f212f86
  • SSDEEP: 6144:hh2jMQvMuIIkQ/LsqVtjdTJVdRAuU07CP:HzHuIIwmFrRUeG

Malware Config (Extracted)

  • Family: redline
  • C2: 45.15.157.131:36457
  • Attributes
      • auth_value: f4bbe99787a086a2bbc36d534a2de4f4

Targets

    • Target: Run.exe
    • Size: 258KB
    • MD5: 2f197fca331cfb3b9975b0060c79f535
    • SHA1: a9ab2a146053729fcda6f27c1fbc44301ee3de2a
    • SHA256: 119e98871567c82fd70bf47caa657ae9865f15e369ac2c381be23f3a2c8418c4
    • SHA512: af13007c41605eb424e3e1cd47017564d244148ce26b192eed04cc64564cbc64cb71aa6e96b37d2d6685fad6a6e15603cf7fb68776ac1d3b9485ca802f212f86
    • SSDEEP: 6144:hh2jMQvMuIIkQ/LsqVtjdTJVdRAuU07CP:HzHuIIwmFrRUeG

    Signatures

    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • Accesses cryptocurrency files/wallets, possible credential harvesting
    • Suspicious use of SetThreadContext
