General

  • Target

    adebd45c1901832a177c42939ca150650654bb93ffd0f9107aa2a2a8aa7944bf

  • Size

    309KB

  • Sample

    230608-l2ngrsdh74

  • MD5

    64ef2ac8686980b6cd4da3377d141e2e

  • SHA1

    9e5aa828e8bd7df99d456e89d9849b28a020a5a5

  • SHA256

    adebd45c1901832a177c42939ca150650654bb93ffd0f9107aa2a2a8aa7944bf

  • SHA512

    c13984782da37dea95c2e92bcaabc26e40d28bd88172c2bbcc04288e4c11885b1bb1c52b2e391f0cae51308a407cf96347b99b85395811d6aa968d0af04b52d8

  • SSDEEP

    6144:RD5k3As3xmy6FyVwvTygXUNVS4MGh1aBFrvz1xcxc7o0:RD2UyhyyR1aBFrvz1xcxh0

Malware Config

Extracted

  • Family

    redline

  • Botnet

    sheron

  • C2

    83.97.73.129:19068

  • Attributes

    auth_value: 2d067e7e2372227d3a03b335260112e9

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks