General

  • Target: 0670c6cac5eae39538b6dd0941a29155d3d1bfab1f08e07ca1a1f0e4b6a4fc50
  • Size: 261KB
  • Sample: 230607-rmfq9sca8y
  • MD5: 29d077e4e9b6e5f190b0df43141e47e5
  • SHA1: f7a68cb575d45f625afffadb473680d1dd47dd8b
  • SHA256: 0670c6cac5eae39538b6dd0941a29155d3d1bfab1f08e07ca1a1f0e4b6a4fc50
  • SHA512: a1ff348564154e5fd4158465ae641eb22d3029540554f54e3d568749d4113393e57deb99dee5989ba198eafa070cef32743d2787faa147e2782c1699c9671e77
  • SSDEEP: 3072:Ghg7FG1X+lRyHFaQ7RQ05CTEezbClXv8r8+oFe6gobFHFzA+E+2yQHcj/:igpG1HFaQ7W05AEezbMPZFzAy2yA

Malware Config

Extracted

  • Family: redline
  • Botnet: sheron
  • C2: 83.97.73.129:19068
  • Attributes
    • auth_value: 2d067e7e2372227d3a03b335260112e9

Targets

    • Target: 0670c6cac5eae39538b6dd0941a29155d3d1bfab1f08e07ca1a1f0e4b6a4fc50

    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • Accesses cryptocurrency files/wallets, possible credential harvesting
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks