General

  • Target: Wondershare Filmora v.4.6.23617.rar
  • Size: 1.9MB
  • Sample: 230416-l6gj1sbd8z
  • MD5: 00e3b13ed0cc36202ad336383859c153
  • SHA1: 50454704d98181f3779e39f6ca93a908ad19b9dd
  • SHA256: bd60655a397d6d029aacfd312d1a6be886fa49cb305e2cf4fedac257de486959
  • SHA512: a829b6cd0a7492c5b67acef126b9a403624818e451f885f85dde2ed2f07272f57962687b4c2fd5372f8c4d30455fe3e5589ad8179339378dd0a8a183243f9fb9
  • SSDEEP: 49152:giDaXDhruURY2ThLwKU9k1XPQngVgFXzotEOf8QFmGhdH9+r:p+uUY2NEKv1XPQgmXzoDtdhFe

Malware Config

Extracted

  • Family: redline
  • C2: 45.15.157.147:37535
  • Attributes
    • auth_value: 1f773219e771b9b31c9aa0165d4091a5

Targets

  • Target: Setup.exe
  • Size: 337KB
  • MD5: 2c496d5541356d5b1a76946bbb180f8d
  • SHA1: 70653fd16c50e55d01b04cf47a43377e77f7ed9d
  • SHA256: 8c585bd8737ad360171f432d99d9956a81359f19805c036f235114fddc9fe100
  • SHA512: ff671f48fe9bb5201c4be79a6bd92052b709610303cdc735fee1c20c1740e462c2d4699f490569954ac331749a351f9a6b0b27830b5ffe8132d47f0e8a350dd6
  • SSDEEP: 6144:T77OiBpUF6cGO/5cAcgIfKHbSlHyLK6SlOkNxLO8BlvI:T7aifUF65OZGKHy6SlOhG

  Signatures

  • RedLine
    RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  • Find unpacked information stealer based on possible SQL query to retrieve browser data
    Detects infostealer.
  • Accesses cryptocurrency files/wallets, possible credential harvesting
  • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks