General

  • Target

    b59ba55f69a332109ec86717660d66b7.exe

  • Size

    1.6MB

  • Sample

    230520-dgslzsab48

  • MD5

    b59ba55f69a332109ec86717660d66b7

  • SHA1

    3d61511c2dd907864f790f069ba30daf8a189884

  • SHA256

    9f501e75fa1f86aca08cecdd4b3fe11676a0aebac9f34cbbbfb12f43a2a075ec

  • SHA512

    71ad439cc3f2e1fa6f2e836ed5eb3041415fa368f0258e2cd97cd327e480deb63b4f4679d42783abe966abb181746a039d5c5c9a65c26efb979631d4f9859370

  • SSDEEP

    49152:vEnI41s0Ypl/PB5iRsxKCDXbrHxW6ON7Y3:fc+dPB5iRGd5W6C7Y3

Malware Config

Extracted

Family

redline

Botnet

5874066304_99

C2

popshues.top:28786

Attributes

  • auth_value

    31adbd205862f9692bece3c6ae1bdc88

Targets

    • Target

      b59ba55f69a332109ec86717660d66b7.exe

    • Size

      1.6MB

    • MD5

      b59ba55f69a332109ec86717660d66b7

    • SHA1

      3d61511c2dd907864f790f069ba30daf8a189884

    • SHA256

      9f501e75fa1f86aca08cecdd4b3fe11676a0aebac9f34cbbbfb12f43a2a075ec

    • SHA512

      71ad439cc3f2e1fa6f2e836ed5eb3041415fa368f0258e2cd97cd327e480deb63b4f4679d42783abe966abb181746a039d5c5c9a65c26efb979631d4f9859370

    • SSDEEP

      49152:vEnI41s0Ypl/PB5iRsxKCDXbrHxW6ON7Y3:fc+dPB5iRGd5W6C7Y3

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks