Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    bda9121d23eb12a438387cb5d08279fe63c4895836fe01600007b06239a7b19b

  • Size

    262KB

  • Sample

    230607-pf6m1aac38

  • MD5

    1ae2d63509750380130d21bd036d9dd0

  • SHA1

    941edd6f8cf9a858e4b2cbb5c1d612fbcd800aaa

  • SHA256

    bda9121d23eb12a438387cb5d08279fe63c4895836fe01600007b06239a7b19b

  • SHA512

    b38c559752bb6a08de78de74a1506c1dbf2900b2b53cb3b1630ada0157d50092e5b43265a39f1cd487a8f78f835381cb9cb581e8c3de2730056ae7bb5712fb0e

  • SSDEEP

    3072:3x/Q1dYeyVyXFaQ7RQ05CTEezbClXv8r8+oFe6gobFHFzA+E+2SUHcj/:h/Q1CAFaQ7W05AEezbMPZFzAy2Sc

Malware Config

Extracted

Family

redline

Botnet

sheron

C2

83.97.73.129:19068

Attributes
  • auth_value

    2d067e7e2372227d3a03b335260112e9

Targets

    • Target

      bda9121d23eb12a438387cb5d08279fe63c4895836fe01600007b06239a7b19b

    • Size

      262KB

    • MD5

      1ae2d63509750380130d21bd036d9dd0

    • SHA1

      941edd6f8cf9a858e4b2cbb5c1d612fbcd800aaa

    • SHA256

      bda9121d23eb12a438387cb5d08279fe63c4895836fe01600007b06239a7b19b

    • SHA512

      b38c559752bb6a08de78de74a1506c1dbf2900b2b53cb3b1630ada0157d50092e5b43265a39f1cd487a8f78f835381cb9cb581e8c3de2730056ae7bb5712fb0e

    • SSDEEP

      3072:3x/Q1dYeyVyXFaQ7RQ05CTEezbClXv8r8+oFe6gobFHFzA+E+2SUHcj/:h/Q1CAFaQ7W05AEezbMPZFzAy2Sc

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks