General

  • Target

    file.exe

  • Size

    430KB

  • Sample

    230601-me42nsdg33

  • MD5

    38590b49503ebe86502c9418f11e7458

  • SHA1

    9014f82d54690aaa6e0a8d602933ec6b79ce2a91

  • SHA256

    5a37399feb2eebccfcb6268fcf8ed8bc1e3243ec0797daa5a6d8a4cdc993129f

  • SHA512

    5d9a99832f4b56a94514c2c814e0d9fd4c82cd39782d0c2ac6d83b476227091bdbdd27a4d45568cc5e2ee7f5763cf6a4030d0cbfed4c52cf635dacae64468dc7

  • SSDEEP

    6144:2prkauGpxdr+Q/BsWkrjr6dCJ77cIniSSSPauIvt9gINkSVvVERuAXJunb6:2pIuh+YBnEXTdPauUgINzFVERuAXb

Malware Config

Extracted

Family

redline

Botnet

Instals

C2

89.23.97.107:8086

Attributes
  • auth_value

    8a82a3c9eb67dfb581f57e3f2c7aefe6

Targets

    • Target

      file.exe

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Uses the VBS compiler for execution

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks