General

  • Target

    089a8afdbd2da31e6180ea0d8a85b3e1.bin.exe

  • Size

    346KB

  • Sample

    230420-eym89sfe26

  • MD5

    089a8afdbd2da31e6180ea0d8a85b3e1

  • SHA1

    7126a510297ca035b255abbeefab4385830b3ab2

  • SHA256

    319875a4c7898ae0f636f5ee26e14172008724c4567eacfba7a36aa4b2a413c4

  • SHA512

    584bcf8e1b5e0dc90cf2f26a7896f8bd19dfdbc461d3d1e241e4643db2782b67acecb7c9687044658cfb1a44f73e68351513ff5108d17b26ed7d85268d2d7d0f

  • SSDEEP

    6144:cT11Ka2T5jBmjEKCPcuyflTX8deh8I5jAriUzU:cT1aTvmjZCZolT+I5Urh

Malware Config

Extracted

Family

redline

Botnet

@COSMICCLOUDADMIN

C2

20.226.69.130:30497

Attributes
  • auth_value

    0c9b7221bd50ac4f7beb692ba88b2c78
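The extracted config above is the part of this report that turns directly into detection content: the C2 is an exact ip:port pair, the botnet tag and auth_value identify the operator's build. The following is an added example (not code from tria.ge or from the RedLine authors) that parses a constructed copy of the flattened "Malware Config" block into validated indicators and sweeps constructed Zeek conn.log-style rows for flows to the C2, keeping exact ip:port hits apart from same-IP-other-port hits. The conn.log column order and the sample rows are this example's own assumptions.

```python
"""Turn the extracted RedLine config into indicators and sweep a connection log.

Added example; this is not code from tria.ge or from the RedLine authors. The
REPORT_CONFIG text is a constructed copy of the report's "Malware Config" block
and the conn.log rows are constructed for this example.
"""
import re
from ipaddress import ip_address

# Constructed copy of the report's extracted-config block, in its flattened layout.
REPORT_CONFIG = """\
Family

redline

Botnet

@COSMICCLOUDADMIN

C2

20.226.69.130:30497

Attributes
  • auth_value

    0c9b7221bd50ac4f7beb692ba88b2c78
"""


def parse_redline_config(text: str) -> dict:
    """Pull family, botnet tag, C2 endpoints and auth_value out of the flattened text.

    C2 entries are validated as ip:port so a garbled line cannot become a bad IOC.
    """
    def field(name: str):
        m = re.search(rf"^{re.escape(name)}\s+(\S+)", text, re.M)
        return m.group(1) if m else None

    c2s = []
    for ip, port in re.findall(r"^\s*(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})\s*$", text, re.M):
        ip_address(ip)                      # ValueError on a malformed address
        port = int(port)
        if not 0 < port < 65536:
            raise ValueError(f"bad C2 port {port}")
        c2s.append((ip, port))

    auth = re.search(r"auth_value\s+([0-9a-f]{32})", text)
    return {
        "family": field("Family"),
        "botnet": field("Botnet"),
        "c2": c2s,
        "auth_value": auth.group(1) if auth else None,
    }


# Constructed Zeek conn.log-style rows (assumed column order):
# ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto
CONN_LOG = """\
1681980120.1\tCabc1\t10.0.0.5\t49811\t20.226.69.130\t30497\ttcp
1681980121.4\tCabc2\t10.0.0.5\t49812\t198.51.100.7\t443\ttcp
1681980125.9\tCabc3\t10.0.0.7\t51002\t20.226.69.130\t80\ttcp
1681980130.0\tCabc4\t10.0.0.9\t52210\t20.226.69.130\t30497\ttcp
"""


def find_c2_connections(log_text: str, c2s) -> tuple:
    """Return (exact_hits, ip_only_hits) over conn.log rows.

    An exact ip:port match on the configured C2 is the strong signal; the same IP
    on another port is kept separately because hosting IPs get reused and the
    port is part of the indicator.
    """
    c2_pairs = set(c2s)
    c2_ips = {ip for ip, _ in c2s}
    exact, ip_only = [], []
    for row in log_text.splitlines():
        if not row or row.startswith("#"):
            continue
        ts, uid, orig_h, orig_p, resp_h, resp_p, proto = row.split("\t")
        rec = {"uid": uid, "src": orig_h, "dst": resp_h, "dport": int(resp_p)}
        if (resp_h, int(resp_p)) in c2_pairs:
            exact.append(rec)
        elif resp_h in c2_ips:
            ip_only.append(rec)
    return exact, ip_only


if __name__ == "__main__":
    cfg = parse_redline_config(REPORT_CONFIG)
    print(cfg)
    exact, weak = find_c2_connections(CONN_LOG, cfg["c2"])
    for r in exact:
        print("C2 hit:", r)
    for r in weak:
        print("C2 IP on other port (review):", r)
```

Run it as-is to see the parsed config and the two hit lists; point `find_c2_connections` at real conn.log text once the column order has been checked against the Zeek header line.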

Targets

    • Target

      089a8afdbd2da31e6180ea0d8a85b3e1.bin.exe

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext
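"Suspicious use of SetThreadContext" is the signature name sandboxes use for the step in process hollowing where the injector redirects a suspended child's main thread to the payload it wrote. The report only records that the signature fired; it does not show the call trace. The following is an added example (not code from tria.ge and not this sample's trace) that applies the generic hollowing sequence, create suspended, write into the child, SetThreadContext, ResumeThread, to constructed API-trace lines in the example's own "caller api target" layout, and shows why a process touching its own thread context, or a suspended create followed only by a resume, should not fire.

```python
"""Flag the process-hollowing call sequence behind a 'Suspicious use of SetThreadContext' hit.

Added example; not code from tria.ge and not derived from this sample's trace. The
trace lines are constructed in this example's own "caller api target" layout, and
the sequence checked is the generic hollowing pattern, which the report does not show.
"""

CREATE_SUSPENDED = 0x4          # dwCreationFlags bit in CreateProcess*

# Ordered steps a (caller, target) pair must complete, in order, to be flagged.
HOLLOW_SEQUENCE = ("CreateProcessSuspended", "WriteProcessMemory",
                   "SetThreadContext", "ResumeThread")

# Constructed trace: "<caller pid> <api> <target pid> [key=value ...]".
TRACE = """\
1234 CreateProcess 5678 flags=0x4
1234 NtUnmapViewOfSection 5678
1234 VirtualAllocEx 5678 protect=0x40
1234 WriteProcessMemory 5678
1234 WriteProcessMemory 5678
1234 SetThreadContext 5678
1234 ResumeThread 5678
2222 SetThreadContext 2222
3333 CreateProcess 4444 flags=0x4
3333 ResumeThread 4444
"""


def normalize(line: str):
    """Split a trace line and fold CreateProcess+CREATE_SUSPENDED into one step name."""
    parts = line.split()
    caller, api, target = int(parts[0]), parts[1], int(parts[2])
    opts = dict(p.split("=", 1) for p in parts[3:])
    if api == "CreateProcess" and int(opts.get("flags", "0"), 16) & CREATE_SUSPENDED:
        api = "CreateProcessSuspended"
    return caller, api, target


def detect_hollowing(trace: str) -> list:
    """Return (caller, target) pairs that walked the full HOLLOW_SEQUENCE in order.

    Calls between the steps (NtUnmapViewOfSection, VirtualAllocEx, repeated writes)
    are ignored, so variants that skip the unmap still match. A process touching
    its own thread context is skipped: debuggers and exception handlers do that.
    A suspended create followed only by ResumeThread is not enough on its own.
    """
    progress = {}
    hits = []
    for line in trace.splitlines():
        if not line.strip():
            continue
        caller, api, target = normalize(line)
        if caller == target:
            continue
        key = (caller, target)
        step = progress.get(key, 0)
        if step < len(HOLLOW_SEQUENCE) and api == HOLLOW_SEQUENCE[step]:
            step += 1
            progress[key] = step
            if step == len(HOLLOW_SEQUENCE):
                hits.append(key)
    return hits


if __name__ == "__main__":
    for caller, target in detect_hollowing(TRACE):
        print(f"possible hollowing: pid {caller} -> pid {target}")
```

Only the 1234 -> 5678 pair completes the sequence; the self-targeted SetThreadContext and the suspended-create-then-resume pair are left alone, which is the distinction a triage rule needs to avoid paging on every debugger and launcher.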

MITRE ATT&CK Enterprise v6

Tasks