Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    a6c67445353ae59cb66249db005dd08e7e1eb2f578a3b336e70eba534c4cf712

  • Size

    282KB

  • Sample

    230608-a652tsaa33

  • MD5

    326a1c7535fc4788290c59cc84200e0d

  • SHA1

    b2c30db231fa97488a34976041dae89e0a7c5f43

  • SHA256

    a6c67445353ae59cb66249db005dd08e7e1eb2f578a3b336e70eba534c4cf712

  • SHA512

    f6c2379c64ba680a80b0f2d2fa2ab09e232f878a37716feb7ea7cf5c8432c8fa155656e4970f6c9cdd470352e3198ec3bb7ef73fa09f828f1164edfdf311fe24

  • SSDEEP

    6144:8QvoWvJr4XV3wvTygXUNVS4MGh1aBFrvz1xcxcWhcrt:8UNaKyR1aBFrvz1xcxdcrt

Malware Config

Extracted

Family

redline

Botnet

sheron

C2

83.97.73.129:19068

Attributes
  • auth_value

    2d067e7e2372227d3a03b335260112e9

Targets

    • Target

      a6c67445353ae59cb66249db005dd08e7e1eb2f578a3b336e70eba534c4cf712

    • Size

      282KB

    • MD5

      326a1c7535fc4788290c59cc84200e0d

    • SHA1

      b2c30db231fa97488a34976041dae89e0a7c5f43

    • SHA256

      a6c67445353ae59cb66249db005dd08e7e1eb2f578a3b336e70eba534c4cf712

    • SHA512

      f6c2379c64ba680a80b0f2d2fa2ab09e232f878a37716feb7ea7cf5c8432c8fa155656e4970f6c9cdd470352e3198ec3bb7ef73fa09f828f1164edfdf311fe24

    • SSDEEP

      6144:8QvoWvJr4XV3wvTygXUNVS4MGh1aBFrvz1xcxcWhcrt:8UNaKyR1aBFrvz1xcxdcrt

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks