General

  • Target

    a4d8c00d9a9b330b64909ee1138354de9197ba8580927f606f31924cd8a1e1ad

  • Size

    261KB

  • Sample

    230607-svttjacb87

  • MD5

    db20d2f7f225976a4e739d20d9dad826

  • SHA1

    17126d407243ab31ef1617193ac832e29455bf03

  • SHA256

    a4d8c00d9a9b330b64909ee1138354de9197ba8580927f606f31924cd8a1e1ad

  • SHA512

    92b89109a449d0fe58c145e10ba94c713fd48aecf47f2f85983e08141ffe5d3874e8a994b06aeab662459b9e55a62feafe1addf2a9e0bcfda8eab6066f34117a

  • SSDEEP

    3072:khg7I71MeSRyHFaQ7RQ05CTEezbClXv8r8+oFe6gobFHFzA+E+2yQHcj/:Mgo1lFaQ7W05AEezbMPZFzAy2yA

Malware Config

Extracted

Family

redline

Botnet

sheron

C2

83.97.73.129:19068

Attributes
  • auth_value

    2d067e7e2372227d3a03b335260112e9

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext
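
SetThreadContext is not suspicious by itself (debuggers and some launchers call it); sandboxes flag it because it is the step in process hollowing that points a suspended child's primary thread at an injected payload. The page only records that the call was used, so treating it as part of that chain is an assumption here. The following detector is an added example, not code from the page or from Triage: it walks a constructed sandbox-style API trace (caller pid, API name, arguments) and only reports a parent/child pair when the same parent created the child with CREATE_SUSPENDED and then, in order, wrote into it, set its thread context and resumed it. The trace, the image path and the argument field names are constructed for illustration.

```python
"""Flag the process-hollowing API sequence in a sandbox-style API-call trace.

Added example (not from the report). The chain it looks for is the usual
reason a "Suspicious use of SetThreadContext" signature fires:
CreateProcess(CREATE_SUSPENDED) -> WriteProcessMemory -> SetThreadContext
-> ResumeThread, all issued by the same parent against the same child.
"""
from collections import defaultdict

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit from winbase.h

# Canonical step for each API spelling a sandbox may log.
ALIASES = {
    "WriteProcessMemory": "write",
    "NtWriteVirtualMemory": "write",
    "ZwWriteVirtualMemory": "write",
    "SetThreadContext": "setctx",
    "Wow64SetThreadContext": "setctx",
    "NtSetContextThread": "setctx",
    "ZwSetContextThread": "setctx",
    "ResumeThread": "resume",
    "NtResumeThread": "resume",
    "ZwResumeThread": "resume",
}
HOLLOW_SEQUENCE = ("write", "setctx", "resume")

# Constructed trace: (caller_pid, api, args). Field names and the target
# image path are assumptions for this example, not data from the report.
TRACE = [
    # pid 1200: full hollowing chain against a child it created suspended
    (1200, "CreateProcessW", {"path": r"C:\Windows\System32\example_host.exe",
                              "flags": CREATE_SUSPENDED, "child_pid": 1340}),
    (1200, "NtUnmapViewOfSection", {"target_pid": 1340}),
    (1200, "VirtualAllocEx", {"target_pid": 1340, "size": 0x4A000}),
    (1200, "WriteProcessMemory", {"target_pid": 1340, "size": 0x4A000}),
    (1200, "SetThreadContext", {"target_pid": 1340}),
    (1200, "NtResumeThread", {"target_pid": 1340}),
    # pid 1500: suspended launch, resumed before any write -> not hollowing
    (1500, "CreateProcessW", {"path": r"C:\Program Files\app\updater.exe",
                              "flags": CREATE_SUSPENDED, "child_pid": 1510}),
    (1500, "NtResumeThread", {"target_pid": 1510}),
    (1500, "SetThreadContext", {"target_pid": 1510}),
    # pid 2000: SetThreadContext on a process it never created (debugger)
    (2000, "SetThreadContext", {"target_pid": 2001}),
]


def find_hollowing(trace):
    """Return (parent_pid, child_pid, image_path) for every child that the
    same parent created suspended and then wrote to, re-pointed with
    SetThreadContext and resumed, in that order. Each child is reported once."""
    suspended = {}               # (parent, child) -> image path
    progress = defaultdict(int)  # (parent, child) -> index of next expected step
    hits = []
    for caller, api, args in trace:
        if api.startswith("CreateProcess"):
            if args.get("flags", 0) & CREATE_SUSPENDED:
                key = (caller, args["child_pid"])
                suspended[key] = args.get("path", "?")
                progress[key] = 0
            continue
        step = ALIASES.get(api)
        key = (caller, args.get("target_pid"))
        if step is None or key not in suspended:
            continue  # unrelated API, or a target this caller did not create suspended
        if step == HOLLOW_SEQUENCE[progress[key]]:
            progress[key] += 1
            if progress[key] == len(HOLLOW_SEQUENCE):
                hits.append((key[0], key[1], suspended[key]))
                del suspended[key]
    return hits


if __name__ == "__main__":
    for parent, child, path in find_hollowing(TRACE):
        print(f"process hollowing: pid {parent} -> pid {child} ({path})")
```

Order matters in the check: a parent that resumes the child before writing to it (pid 1500 above) never advances past the first step, and a SetThreadContext against a process the caller did not create suspended (pid 2000) is ignored, which is what keeps the rule from firing on debuggers and ordinary suspended launches.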

MITRE ATT&CK Enterprise v6

Tasks