General

  • Target: DawnLand6.exe
  • Size: 10.0MB
  • Sample: 230706-v9fassdf27
  • MD5: 9fa3180810afbbb9f999e5239027fdec
  • SHA1: 3c3610842d1bb832cf8a422714da529708a8e6ec
  • SHA256: 6b937ac8b7f889100cf86a34f74ff2fbdba7b072822026ab275d2a5ee6b7b650
  • SHA512: 04e411cd7114b0904576f33bcb02d876136a035fcbed5ec71728e426d0fbd37d8ee0896113036745bc452482771df918885b6b0e829c49b17bf46687bc9c47d8
  • SSDEEP: 3072:hca9VP4bW3TRHuTMGidsptIGT31qrIf//3x5cJKy9g/kdLUVgKuOiyb:hxP44Huwc31qrw/fx5uRdLAgKu58

Malware Config

Extracted

  • Family: redline
  • Botnet: DAwnLand
  • C2: 212.113.116.143:23052
  • Attributes
    • auth_value: 8fc5b8d18171bebfcf117ba0aad639d2

Targets

    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • Accesses cryptocurrency files/wallets, possible credential harvesting
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks