General

  • Target

    ORDER QUOTATION LIST.pdf.exe

  • Size

    837KB

  • Sample

    230822-tf7mhsdd64

  • MD5

    00b7354438e3a2483c5c4e0c52d10f7e

  • SHA1

    c1c3b90b1cf7541abd6bd9f098811c368078ed0b

  • SHA256

    ba85db2614120d1e5b26b4c89847f219317a823bf1e3382cb379666677b0a8fe

  • SHA512

    0e1dfb63dd23f508d6d82c89a62618071be5ba3b4b88b4645951c054b96c15ce7e9676976670147a720369f161d554d4af986749e4c3e12f73b1d2954c98a863

  • SSDEEP

    24576:/DkUNi1EvGEW93Gtx1Lhrds4t+whW2ANQyj:/DkUrOEW9GLhds4tdUGs

Malware Config

Extracted

Family

redline

Botnet

cheat

C2

54.37.0.50:55615

Targets

    • Target

      ORDER QUOTATION LIST.pdf.exe

    • Size

      837KB

    • MD5

      00b7354438e3a2483c5c4e0c52d10f7e

    • SHA1

      c1c3b90b1cf7541abd6bd9f098811c368078ed0b

    • SHA256

      ba85db2614120d1e5b26b4c89847f219317a823bf1e3382cb379666677b0a8fe

    • SHA512

      0e1dfb63dd23f508d6d82c89a62618071be5ba3b4b88b4645951c054b96c15ce7e9676976670147a720369f161d554d4af986749e4c3e12f73b1d2954c98a863

    • SSDEEP

      24576:/DkUNi1EvGEW93Gtx1Lhrds4t+whW2ANQyj:/DkUrOEW9GLhds4tdUGs

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill entries.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

      Changing the context of a thread in another process (typically one started suspended) is a common step in process hollowing, used to redirect execution into an injected payload.
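The report gives three things worth hunting for across a fleet: the sample's file hashes, the extracted C2 endpoint (54.37.0.50:55615) from the Malware Config section, and the double-extension lure name ORDER QUOTATION LIST.pdf.exe. The following Python is an added example, not part of the tria.ge report or the sample; the IOC values are copied from the report, while the key=value event format, the field names (type, host, image, sha256, dst, dport) and the event lines themselves are constructed for illustration and do not come from a real incident.

```python
"""Hunt for this report's IOCs in host and network telemetry.

Added example, not part of the tria.ge report or the RedLine sample itself.
IOC values are copied from the report above; the event lines are constructed
for illustration and do not come from any real incident.
"""
import hashlib
import re

# Indicators taken from the report.
SAMPLE_HASHES = {
    "md5": "00b7354438e3a2483c5c4e0c52d10f7e",
    "sha1": "c1c3b90b1cf7541abd6bd9f098811c368078ed0b",
    "sha256": "ba85db2614120d1e5b26b4c89847f219317a823bf1e3382cb379666677b0a8fe",
}
C2_HOST, C2_PORT = "54.37.0.50", "55615"
LURE_NAME = "ORDER QUOTATION LIST.pdf.exe"

# A document-looking extension immediately followed by an executable one.
DOUBLE_EXT = re.compile(
    r"\.(?:pdf|docx?|xlsx?|jpe?g|png|txt)\.(?:exe|scr|com|pif|bat|cmd|js|vbs)$", re.I
)

# key=value tokens with optional double-quoted values (constructed log format).
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def is_double_extension_lure(filename: str) -> bool:
    """True for names like 'invoice.pdf.exe' that hide an executable extension."""
    return DOUBLE_EXT.search(filename) is not None


def file_hashes(data: bytes) -> dict:
    """Digests in the same algorithms the report lists, for comparing a local file."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_sample(data: bytes) -> bool:
    """Compare by SHA256 only; MD5 and SHA1 are listed but are weaker identifiers."""
    return file_hashes(data)["sha256"] == SAMPLE_HASHES["sha256"]


def parse_event(line: str) -> dict:
    """Turn one constructed key=value line into a dict."""
    return {k: (q if q else u) for k, q, u in KV.findall(line)}


def hunt(lines) -> list:
    """Return (host, event type, reasons) for every event that matches an IOC."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        reasons = []
        if ev.get("sha256", "").lower() == SAMPLE_HASHES["sha256"]:
            reasons.append("SHA256 matches the report sample")
        if is_double_extension_lure(ev.get("image", "")):
            reasons.append("double-extension lure filename")
        if ev.get("dst") == C2_HOST and ev.get("dport") == C2_PORT:
            reasons.append("connection to the extracted RedLine C2")
        if reasons:
            findings.append((ev.get("host"), ev.get("type"), reasons))
    return findings


# Constructed telemetry (not real logs): one infected host, one benign host.
CONSTRUCTED_EVENTS = [
    r'type=process host=WS01 image="C:\Users\a\Downloads\ORDER QUOTATION LIST.pdf.exe" '
    "sha256=ba85db2614120d1e5b26b4c89847f219317a823bf1e3382cb379666677b0a8fe",
    "type=network host=WS01 dst=54.37.0.50 dport=55615 proto=tcp",
    "type=network host=WS02 dst=54.37.0.50 dport=443 proto=tcp",
    r'type=process host=WS02 image="C:\Program Files\Adobe\Acrobat.exe" sha256=0000',
]

if __name__ == "__main__":
    for host, kind, reasons in hunt(CONSTRUCTED_EVENTS):
        print(host, kind, "; ".join(reasons))
```

The C2 match is deliberately pinned to host and port: the WS02 connection to the same address on 443 is not flagged, because a hosting IP can serve unrelated traffic and an address-only rule is a much noisier signal than the exact endpoint the extracted config names. The double-extension check is the only indicator here that generalises beyond this one sample, so it is also the one most likely to need tuning against legitimate file names in your environment.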

MITRE ATT&CK Enterprise v15

Tasks