
General

  • Target

    8d240c92f314b3eace55017d2f442122547a64198744e9319ca178d851beb3a4

  • Size

    1.1MB

  • Sample

    230420-zh9sjscc53

  • MD5

    9bcbd5207435abcd90cafb3ac175d885

  • SHA1

    6ff71e9a9ac82f29e6af9e9185561507efd79bdf

  • SHA256

    8d240c92f314b3eace55017d2f442122547a64198744e9319ca178d851beb3a4

  • SHA512

    414f9dd3b6af4bdc9ac1d1e8d90202a576b8e7ef8f036d5fd10858545075cd169def8624650444f1021ec453a7197bcad5a6c80a7ef6e8c27df50b01f0629249

  • SSDEEP

    6144:AY2g5X55t2B+DWSJI/AOou2Tss7OifSWqCi+tJnjnMNvKjBWy2uFlDXK72:AY2g5XXFsuswqgrMBIW72

Malware Config

Extracted

Family

redline

C2

135.181.241.192:4327

Attributes

  • auth_value

    a909e2aaecf96137978fea4f86400b9b
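The indicators above are only useful once they are checked against something. The following script is an added example, not part of the tria.ge report or of any RedLine tooling: it copies the four file hashes and the C2 endpoint from this report, verifies whether a local file is the sample the report describes, and scans flow records for connections to the C2 on the extracted port. The log line format it parses (`<timestamp> <proto> <src>:<port> -> <dst>:<port>`) and the sample flows are constructed for the example, not taken from any product or real telemetry; the SSDEEP hash is left out because comparing it needs the non-standard `ssdeep` library.

```python
"""Check a file and a set of flow records against the IOCs in this report.

Added example, not code from tria.ge or from the report. The digests and
the C2 endpoint are copied from the report above; the log format parsed
by scan_logs() is an assumed, constructed one.
"""
import hashlib
import re

# Indicators copied verbatim from the report.
REPORT_HASHES = {
    "md5": "9bcbd5207435abcd90cafb3ac175d885",
    "sha1": "6ff71e9a9ac82f29e6af9e9185561507efd79bdf",
    "sha256": "8d240c92f314b3eace55017d2f442122547a64198744e9319ca178d851beb3a4",
    "sha512": "414f9dd3b6af4bdc9ac1d1e8d90202a576b8e7ef8f036d5fd10858545075cd16"
              "9def8624650444f1021ec453a7197bcad5a6c80a7ef6e8c27df50b01f0629249",
}
C2_HOST, C2_PORT = "135.181.241.192", 4327


def hash_bytes(data: bytes) -> dict:
    """Compute the same four digests the report lists, hex-encoded."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def compare_to_report(data: bytes, expected: dict = REPORT_HASHES) -> list:
    """Return the names of digests that do NOT match the report.

    An empty list means the bytes are exactly the sample the report
    describes; any mismatch means you are looking at a different file.
    """
    actual = hash_bytes(data)
    return sorted(name for name, digest in expected.items() if actual[name] != digest)


# Assumed (constructed) flow record shape:
#   <ISO timestamp> <proto> <src_ip>:<src_port> -> <dst_ip>:<dst_port>
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<proto>\w+)\s+(?P<src>[\d.]+):(?P<sport>\d+)"
    r"\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)"
)


def scan_logs(lines, host=C2_HOST, port=C2_PORT) -> list:
    """Return (timestamp, src_ip) for every flow to the RedLine C2 endpoint.

    Matching on host AND port avoids flagging unrelated traffic to the same
    address (the panel port is the extracted 4327, not a generic web port).
    """
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a flow record; skip rather than fail
        if m["dst"] == host and int(m["dport"]) == port:
            hits.append((m["ts"], m["src"]))
    return hits


# Constructed sample flows (not real telemetry): two internal hosts reach the
# C2 on 4327, one reaches the same IP on 80, one line is malformed.
SAMPLE_LOGS = [
    "2023-04-20T18:32:11Z tcp 10.0.0.15:51322 -> 135.181.241.192:4327",
    "2023-04-20T18:32:12Z tcp 10.0.0.15:51323 -> 142.250.74.78:443",
    "2023-04-20T18:33:01Z tcp 10.0.0.22:49810 -> 135.181.241.192:4327",
    "2023-04-20T18:33:05Z tcp 10.0.0.31:49811 -> 135.181.241.192:80",
    "garbage line that does not parse",
]

if __name__ == "__main__":
    print("C2 hits:", scan_logs(SAMPLE_LOGS))
    print("mismatched digests for a placeholder file:", compare_to_report(b"not the sample"))
```

Feed `compare_to_report()` the bytes of the file you actually hold before trusting any of the report's conclusions about it; feed `scan_logs()` your own flow export after adapting `LOG_RE` to its format.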

Targets

    • Target

      8d240c92f314b3eace55017d2f442122547a64198744e9319ca178d851beb3a4

    • Size

      1.1MB

    • MD5

      9bcbd5207435abcd90cafb3ac175d885

    • SHA1

      6ff71e9a9ac82f29e6af9e9185561507efd79bdf

    • SHA256

      8d240c92f314b3eace55017d2f442122547a64198744e9319ca178d851beb3a4

    • SHA512

      414f9dd3b6af4bdc9ac1d1e8d90202a576b8e7ef8f036d5fd10858545075cd169def8624650444f1021ec453a7197bcad5a6c80a7ef6e8c27df50b01f0629249

    • SSDEEP

      6144:AY2g5X55t2B+DWSJI/AOou2Tss7OifSWqCi+tJnjnMNvKjBWy2uFlDXK72:AY2g5XXFsuswqgrMBIW72

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext (this API rewrites a thread's register state; outside debuggers it is typically seen when injected code is pointed at a payload written into a suspended process, as in process hollowing, which is why the sandbox flags it)

MITRE ATT&CK Enterprise v6

Tasks