General

  • Target

    file

  • Size

    2.3MB

  • Sample

    230805-1rmj2seh57

  • MD5

    f28730f469220391b679e575a48ddb0b

  • SHA1

    d5863273efdb0e7e61007c4907441ce957e4f98a

  • SHA256

    c0de3820d44c7aebc56f12be217cab5c5b758344750e73e1288f42e0f373f038

  • SHA512

    667ed7bf96fa21b992889c02d95e2076e8417a7617b7767049a2c87ed668e1c189ecfc3c302d30b7a202d9abb93d8320a532ba018ff382bcb98cc96e53fe1327

  • SSDEEP

    49152:VakDcq59geuk/NJW1BN0gQcI3EahBrZPTaZzn0WI78:09q5taPygQcI3EahBrNY/r

Malware Config

Extracted

Family

redline

Botnet

1

C2

45.88.3.253:26313

Attributes

  • auth_value

    7280f9eb4f47693041f9f7d1fafe3acf

Targets

    • Target

      file

    • Size

      2.3MB

    • MD5

      f28730f469220391b679e575a48ddb0b

    • SHA1

      d5863273efdb0e7e61007c4907441ce957e4f98a

    • SHA256

      c0de3820d44c7aebc56f12be217cab5c5b758344750e73e1288f42e0f373f038

    • SHA512

      667ed7bf96fa21b992889c02d95e2076e8417a7617b7767049a2c87ed668e1c189ecfc3c302d30b7a202d9abb93d8320a532ba018ff382bcb98cc96e53fe1327

    • SSDEEP

      49152:VakDcq59geuk/NJW1BN0gQcI3EahBrZPTaZzn0WI78:09q5taPygQcI3EahBrNY/r

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Uses the VBS compiler for execution

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks