General

  • Target: 67c2961e82a2c21432767614a664e86a59f0de0632c72cc93cf21df7cc2d99a2
  • Size: 282KB
  • Sample: 230607-2xvy2sgh86
  • MD5: d2cc25c594d2c5c0b75eb60576dff355
  • SHA1: c5fba0df5a79e42be2fca4eeec5e215dca73dbbe
  • SHA256: 67c2961e82a2c21432767614a664e86a59f0de0632c72cc93cf21df7cc2d99a2
  • SHA512: 45f5d90f4de86f54e75b708eb7b9ec3f84d52c9e5ccee9011244a7614234355031c23afb16255cca5fa939212a825e07ee746f989700e46363a95e07ec8df88c
  • SSDEEP: 6144:SQvoWvJj4fHwvTygXUNVS4MGh1aBFrvz1xcxcWh4rt:SUqEyR1aBFrvz1xcxd4rt

Malware Config

Extracted

  • Family: redline
  • Botnet: sheron
  • C2: 83.97.73.129:19068
  • Attributes
    • auth_value: 2d067e7e2372227d3a03b335260112e9

Targets

    • Target: 67c2961e82a2c21432767614a664e86a59f0de0632c72cc93cf21df7cc2d99a2

    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • Accesses cryptocurrency files/wallets, possible credential harvesting
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks