Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    a14b4638a03b1aed3940efe11f1e378d.exe

  • Size

    261KB

  • Sample

    230607-xf5dyafa4y

  • MD5

    a14b4638a03b1aed3940efe11f1e378d

  • SHA1

    a571155a2f23d0f585031eddf2bcaa9e64e265dd

  • SHA256

    25e0680b5662e36ea3319eff62390153427d097238004d4b3326e793f078e3c3

  • SHA512

    70c23b27bae8099b3b652775544688deb2d3174efb997c4a59e71f6c0f1ff28c9087aca40dab16f1b28e6006c0cdd75bc73f39bac2b6b286b993e499c550c642

  • SSDEEP

    3072:Dhg73zv1GOdRyHFaQ7RQ05CTEezbClXv8r8+oFe6gobFHFzA+E+2yQHcj/:1g/v1yFaQ7W05AEezbMPZFzAy2yA

Malware Config

Extracted

Family

redline

Botnet

sheron

C2

83.97.73.129:19068

Attributes
  • auth_value

    2d067e7e2372227d3a03b335260112e9

Targets

    • Target

      a14b4638a03b1aed3940efe11f1e378d.exe

    • Size

      261KB

    • MD5

      a14b4638a03b1aed3940efe11f1e378d

    • SHA1

      a571155a2f23d0f585031eddf2bcaa9e64e265dd

    • SHA256

      25e0680b5662e36ea3319eff62390153427d097238004d4b3326e793f078e3c3

    • SHA512

      70c23b27bae8099b3b652775544688deb2d3174efb997c4a59e71f6c0f1ff28c9087aca40dab16f1b28e6006c0cdd75bc73f39bac2b6b286b993e499c550c642

    • SSDEEP

      3072:Dhg73zv1GOdRyHFaQ7RQ05CTEezbClXv8r8+oFe6gobFHFzA+E+2yQHcj/:1g/v1yFaQ7W05AEezbMPZFzAy2yA

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks