General

  • Target: 6b11e77eee3f401356c240303da1b819ec0b12fb82bfb.exe
  • Size: 7.3MB
  • Sample: 230825-h9hppsbd9z
  • MD5: 7278b6ce3ddda7dba2473e0392e54ea6
  • SHA1: 3b406f221237fe9bfce48daa9033eda93ecc9b94
  • SHA256: 6b11e77eee3f401356c240303da1b819ec0b12fb82bfb6ac5f3a1b08a00f3d49
  • SHA512: 02a8d04d327757e3d9df6de2d14b5e2143e01798bf25a51e32555afeac494ae64f66fd5493a9ce28ce850be48c6febe264c61330e67391c694fd910a99247f72
  • SSDEEP: 196608:+dgX4LVznF3zQgkIRflnOzSc4pGRo9Jvy:3UzdzqIRtnYSi6zvy

Malware Config

Extracted

  • Family: redline
  • Botnet: metafile
  • C2: 91.103.252.39:7899
  • Attributes
      • auth_value: 9ac6dc6d653e5268fd38b21a0ec2b458

Targets

    • Target: 6b11e77eee3f401356c240303da1b819ec0b12fb82bfb.exe
    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • Uses the VBS compiler for execution
    • Accesses cryptocurrency files/wallets, possible credential harvesting
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15