General

  • Target: 6cf6982c96f7245e3e91d68bc9b273474c877cd08f22d9033a8640919aab5d0b
  • Size: 282KB
  • Sample: 230608-el73xabg84
  • MD5: d01e4cd36a49b02fbc18897c62cb514d
  • SHA1: 288f9e0c6b8d7985e9937c1dacf5cf77cfaa8cf4
  • SHA256: 6cf6982c96f7245e3e91d68bc9b273474c877cd08f22d9033a8640919aab5d0b
  • SHA512: ff99488a94d5e4eca700c7ec01524202a65b7cac0a33c0618758faa05680792652a07e4c83a441ffb8f13abb1f0b20eafe62fbb82e0803f55b0f54f26b99d401
  • SSDEEP: 6144:/QvoWvJtO8QwvTygXUNVS4MGh1aBFrvz1xcxcWhOrtn:/UCayR1aBFrvz1xcxdOrtn

Malware Config

Extracted

Family: redline

Botnet: sheron

C2: 83.97.73.129:19068

Attributes
  • auth_value: 2d067e7e2372227d3a03b335260112e9

Targets

    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • Accesses cryptocurrency files/wallets, possible credential harvesting
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks