Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    72af625932fb9400a6661a6bde830518.exe

  • Size

    1.8MB

  • Sample

    230822-paay5sca76

  • MD5

    72af625932fb9400a6661a6bde830518

  • SHA1

    5e8a5fa07bf51e226272e8fc6a209b870475f744

  • SHA256

    ffec60c04fbfc5fc53b99a9133d7e4432125622f25605ec0d94a413548a48e17

  • SHA512

    ab47024f63b58e98e06bf2ad4ca22e7519de8b5ff195c8f349c55edfa4fc484c525560595f362ab3c20dc157bed884444d8eb7b7277ea2c71c90fc5389eff865

  • SSDEEP

    24576:TdgvYOmxjN9cDk+OeOxrV/JHaX16tK95IBJd:TdrxjN9cDhOeaJHm1609m

Malware Config

Targets

    • Target

      72af625932fb9400a6661a6bde830518.exe

    • Size

      1.8MB

    • MD5

      72af625932fb9400a6661a6bde830518

    • SHA1

      5e8a5fa07bf51e226272e8fc6a209b870475f744

    • SHA256

      ffec60c04fbfc5fc53b99a9133d7e4432125622f25605ec0d94a413548a48e17

    • SHA512

      ab47024f63b58e98e06bf2ad4ca22e7519de8b5ff195c8f349c55edfa4fc484c525560595f362ab3c20dc157bed884444d8eb7b7277ea2c71c90fc5389eff865

    • SSDEEP

      24576:TdgvYOmxjN9cDk+OeOxrV/JHaX16tK95IBJd:TdrxjN9cDhOeaJHm1609m

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Uses the VBS compiler for execution

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks