General

  • Target: 1c68ce28314da27a47c76babcecc34110dda515ccce168ae7e1a244ab9deb87d
  • Size: 261KB
  • Sample: 230607-sdde8ace71
  • MD5: cc4105d822890b98223c933e3b48cdd9
  • SHA1: b9439db785c9a26302e9e15394354a845ab7444e
  • SHA256: 1c68ce28314da27a47c76babcecc34110dda515ccce168ae7e1a244ab9deb87d
  • SHA512: 98aa6ed61de19681c097ea157965f316e8b59cd234d32257a584a21847fd59478c63040cdd878dde0089a6c0e9b28febb1cf1039a4784f270acbc31c28578f99
  • SSDEEP: 3072:xhg7i1SNEWOtRyHFaQ7RQ05CTEezbClXv8r8+oFe6gobFHFzA+E+2yQHcj/:XgW1eFaQ7W05AEezbMPZFzAy2yA

Malware Config

Extracted

  • Family: redline
  • Botnet: sheron
  • C2: 83.97.73.129:19068
  • Attributes
    • auth_value: 2d067e7e2372227d3a03b335260112e9

Targets

    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • Accesses cryptocurrency files/wallets, possible credential harvesting
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks