General

  • Target: d26b2ccd400f4c84daca8aeb7d13f7ec193582e2f3e12886ba36528d9ae5adff
  • Size: 290KB
  • Sample: 230330-yvst5afe6v
  • MD5: 30d8ae6daeb6a52a9da20f67b9c78db8
  • SHA1: d3ceb85169d00608be205593d8380f5d43491dad
  • SHA256: d26b2ccd400f4c84daca8aeb7d13f7ec193582e2f3e12886ba36528d9ae5adff
  • SHA512: 78f47115733e609f3593643e827c77491c778f98f5c754de226968726df99d0a8651d32c35ec160eabbd55cbc066bedbb36cdf2796d252da191724b94707b5a2
  • SSDEEP: 3072:8mYIClSZ1KSEfCYEI4y1cDTMkuqC8Os1oAXFHPGxAN3LVvh8Z8rMIA3Dr+3yb2fL:BsSEf19cKj8n1oAXJP7N8JIRyq

Malware Config

Extracted

  • Family: redline
  • C2: 135.181.173.163:4325
  • Attributes
      • auth_value: a909e2aaecf96137978fea4f86400b9b

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Accesses cryptocurrency files/wallets, possible credential harvesting
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks