General

  • Target: 9d46f19ed7d03ccb640e5c9a0d4c6366d4996241d9f7fdf19438d917cfc7bfb7
  • Size: 282KB
  • Sample: 230608-cmq5nsag82
  • MD5: 5da1708c0b6f0135f27263a38eb66bcb
  • SHA1: 86c0c55c06c2ee3795905af3cda2a8f9028ae5f0
  • SHA256: 9d46f19ed7d03ccb640e5c9a0d4c6366d4996241d9f7fdf19438d917cfc7bfb7
  • SHA512: 11ed64892e6216049f668c2af85d8cee0c415159adaa1727ddb50854725d99bab672253561b92fcaebdf7d2ee122223296964c5dbaa404c017442af70fe1ef39
  • SSDEEP: 6144:XQvoWvJxQXjwvTygXUNVS4MGh1aBFrvz1xcxcWhUrtd:XU04yR1aBFrvz1xcxdUrtd

Malware Config

Extracted

  • Family: redline
  • Botnet: sheron
  • C2: 83.97.73.129:19068

Attributes

  • auth_value: 2d067e7e2372227d3a03b335260112e9

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks