
General

  • Target: 28f1280949ef97bce89613462bf5ebb3edd429cad46ebc1af6db9f3157cb787c
  • Size: 261KB
  • Sample: 230607-tjg62adb7v
  • MD5: 303dc798316f7c2d2d7a4dfc50311f2c
  • SHA1: 46735a3be51b8145119edd4c65ab57cb99080d58
  • SHA256: 28f1280949ef97bce89613462bf5ebb3edd429cad46ebc1af6db9f3157cb787c
  • SHA512: 9cf803eed1d315ed5f75c93df7159103b727ce42d72a9587c9aa5bd3cc738b5fe8cb0a8ecbf0349d7a478e827aaaa6a24012f647ff656ffce53fee0d85df1234
  • SSDEEP: 3072:2hg7Fd1x+JRyHFaQ7RQ05CTEezbClXv8r8+oFe6gobFHFzA+E+2yQHcj/:ygZd11FaQ7W05AEezbMPZFzAy2yA

Malware Config

Extracted

  • Family: redline
  • Botnet: sheron
  • C2: 83.97.73.129:19068
  • Attributes
    • auth_value: 2d067e7e2372227d3a03b335260112e9

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks