
General

  • Target

    be8289a102bbd49e9e63e3b1b332d6bc2455cc22d405c9a57e7c8af7eaa77ac2

  • Size

    282KB

  • Sample

    230608-bbb1yaaa78

  • MD5

    b98d773562dd834e2c53c3f5f71e335e

  • SHA1

    c90de73fa87e4c2ab070553193703be19f0aba23

  • SHA256

    be8289a102bbd49e9e63e3b1b332d6bc2455cc22d405c9a57e7c8af7eaa77ac2

  • SHA512

    134f34e1b2900d82e129d0f75899b41ed8eb69b014bb3ebf979386fd5f7da4cd891ef47361a14292247b6782fd7a52221f136b091fadb620fa2fc634e0ac6e13

  • SSDEEP

    6144:4QvoWvJuXZpxwvTygXUNVS4MGh1aBFrvz1xcxcWhirt:4UcJEyR1aBFrvz1xcxdirt

Malware Config

Extracted

Family

redline

Botnet

sheron

C2

83.97.73.129:19068

Attributes

  • auth_value

    2d067e7e2372227d3a03b335260112e9

Targets

    • Target

      be8289a102bbd49e9e63e3b1b332d6bc2455cc22d405c9a57e7c8af7eaa77ac2

    • Size

      282KB

    • MD5

      b98d773562dd834e2c53c3f5f71e335e

    • SHA1

      c90de73fa87e4c2ab070553193703be19f0aba23

    • SHA256

      be8289a102bbd49e9e63e3b1b332d6bc2455cc22d405c9a57e7c8af7eaa77ac2

    • SHA512

      134f34e1b2900d82e129d0f75899b41ed8eb69b014bb3ebf979386fd5f7da4cd891ef47361a14292247b6782fd7a52221f136b091fadb620fa2fc634e0ac6e13

    • SSDEEP

      6144:4QvoWvJuXZpxwvTygXUNVS4MGh1aBFrvz1xcxcWhirt:4UcJEyR1aBFrvz1xcxdirt

    • RedLine

      RedLine Stealer is an information-stealing malware family written in C#, first seen in early 2020.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext (thread-context manipulation of the kind used to run an injected payload inside another process)
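Putting the indicators above to work, as an added example that is not part of the tria.ge report or the RedLine analysis: a small Python scanner that reads JSON-lines telemetry and flags file events whose hash matches this sample and connections to the extracted C2. The sample events are constructed and embedded inline, and their field names (ts, type, host, dst_ip, dst_port, sha256, path) are assumptions modelled loosely on Zeek/EDR-style records, not any product's real schema. An exact ip:port match against the configured C2 is reported as high confidence; the same IP on another port is reported as medium confidence, since the host may be shared or the port rotated, so it should be triaged rather than auto-blocked.

```python
"""Match endpoint/network telemetry against the indicators from this report.

Added example; not code from tria.ge or the RedLine analysis. Event field
names are assumptions modelled on Zeek/EDR-style JSON, not a real schema.
"""
import json
from typing import Dict, Iterable, List, Optional, Tuple

# Indicators copied from the report's Malware Config and hash sections.
C2_IP, C2_PORT = "83.97.73.129", 19068
BOTNET = "sheron"
SAMPLE_HASHES = {
    "md5": "b98d773562dd834e2c53c3f5f71e335e",
    "sha1": "c90de73fa87e4c2ab070553193703be19f0aba23",
    "sha256": "be8289a102bbd49e9e63e3b1b332d6bc2455cc22d405c9a57e7c8af7eaa77ac2",
}


def match_event(ev: Dict) -> Optional[Dict]:
    """Return a hit record for one parsed event, or None if nothing matches."""
    kind = ev.get("type")
    if kind == "conn":
        if ev.get("dst_ip") != C2_IP:
            return None
        # Exact ip:port is the configured C2: high confidence. Same IP on
        # another port may be shared hosting or a rotated port: medium
        # confidence, needs analyst triage rather than automatic blocking.
        port = ev.get("dst_port")
        return {
            "ts": ev.get("ts"), "host": ev.get("host"),
            "indicator": f"c2:{C2_IP}:{port}",
            "confidence": "high" if port == C2_PORT else "medium",
            "family": "redline", "botnet": BOTNET,
        }
    if kind == "file":
        for algo, known in SAMPLE_HASHES.items():
            seen = ev.get(algo)
            # Sensors emit hashes in mixed case; normalise before comparing.
            if isinstance(seen, str) and seen.lower() == known:
                return {
                    "ts": ev.get("ts"), "host": ev.get("host"),
                    "indicator": f"{algo}:{known}", "confidence": "high",
                    "family": "redline", "botnet": BOTNET,
                    "path": ev.get("path"),
                }
    return None


def scan(lines: Iterable[str]) -> Tuple[List[Dict], int]:
    """Parse JSON-lines telemetry; return (hits, count of unparseable lines)."""
    hits: List[Dict] = []
    bad = 0
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            ev = json.loads(raw)
        except json.JSONDecodeError:
            bad += 1  # one corrupt line must not abort the whole scan
            continue
        if not isinstance(ev, dict):
            bad += 1
            continue
        hit = match_event(ev)
        if hit:
            hits.append(hit)
    return hits, bad


# Constructed sample telemetry (not taken from the report or any real host).
SAMPLE_EVENTS = [
    '{"ts":"2023-06-08T02:10:51Z","type":"file","host":"WS01","path":"C:/Users/a/Downloads/setup.exe","sha256":"BE8289A102BBD49E9E63E3B1B332D6BC2455CC22D405C9A57E7C8AF7EAA77AC2"}',
    '{"ts":"2023-06-08T02:11:04Z","type":"conn","host":"WS01","dst_ip":"83.97.73.129","dst_port":19068,"proto":"tcp"}',
    '{"ts":"2023-06-08T02:11:09Z","type":"conn","host":"WS01","dst_ip":"83.97.73.129","dst_port":443,"proto":"tcp"}',
    '{"ts":"2023-06-08T02:12:00Z","type":"file","host":"WS02","path":"C:/Windows/notepad.exe","sha256":"0000000000000000000000000000000000000000000000000000000000000000"}',
    '{"ts":"2023-06-08T02:12:30Z","type":"conn","host":"WS02","dst_ip":"8.8.8.8","dst_port":53,"proto":"udp"}',
    'not json at all',
]

if __name__ == "__main__":
    found, unparseable = scan(SAMPLE_EVENTS)
    for h in found:
        print(h["confidence"], h["host"], h["indicator"])
    print(f"{len(found)} hit(s), {unparseable} unparseable line(s)")
```

Run against the constructed events it reports three hits (the hash match on WS01, the exact C2 connection, and the medium-confidence same-IP connection on 443) and one unparseable line; the unrelated notepad.exe hash and the DNS query are ignored.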
