Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    dbc42504ba92e1e16dd5b455f049fc3be8b11c92a1637a9733b186ee00ad5b90

  • Size

    282KB

  • Sample

    230608-dmsh6sbd27

  • MD5

    860d496d086599d34eb06dcbc9dccf4f

  • SHA1

    522ddd33a271a32043d592a031807c1065f7fc18

  • SHA256

    dbc42504ba92e1e16dd5b455f049fc3be8b11c92a1637a9733b186ee00ad5b90

  • SHA512

    948a781cc334f041a1efb205ce2376b6332d26af5331288c8798c25a618b967ce028645141fd3f27c8f742d44f92a29b03870e3c19d644a75116464833a10670

  • SSDEEP

    6144:lQvoWvJwPfPwvTygXUNVS4MGh1aBFrvz1xcxcWhart:lUwMyR1aBFrvz1xcxdart

Malware Config

Extracted

Family

redline

Botnet

sheron

C2

83.97.73.129:19068

Attributes
  • auth_value

    2d067e7e2372227d3a03b335260112e9

Targets

    • Target

      dbc42504ba92e1e16dd5b455f049fc3be8b11c92a1637a9733b186ee00ad5b90

    • Size

      282KB

    • MD5

      860d496d086599d34eb06dcbc9dccf4f

    • SHA1

      522ddd33a271a32043d592a031807c1065f7fc18

    • SHA256

      dbc42504ba92e1e16dd5b455f049fc3be8b11c92a1637a9733b186ee00ad5b90

    • SHA512

      948a781cc334f041a1efb205ce2376b6332d26af5331288c8798c25a618b967ce028645141fd3f27c8f742d44f92a29b03870e3c19d644a75116464833a10670

    • SSDEEP

      6144:lQvoWvJwPfPwvTygXUNVS4MGh1aBFrvz1xcxcWhart:lUwMyR1aBFrvz1xcxdart

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks