General

  • Target

    a0b33824a0fd5088fee3061fa79dc143331b05fcc7a3201b1d0d191d1bd8bb5c

  • Size

    514KB

  • Sample

    230826-lmjv2abb5z

  • MD5

    8bfc6ea2f5daffb1da6de7b92fdfbc0b

  • SHA1

    41ff36ed63936446e8165b96ac2d2f2514e6c353

  • SHA256

    a0b33824a0fd5088fee3061fa79dc143331b05fcc7a3201b1d0d191d1bd8bb5c

  • SHA512

    854ebdb2006f53a1ba6d59bd614ccdd01f77bcb8a7de74dafcf41f3eba3aebc94972def9ab3229827270126149fc2d06bb0a536348bd9c1d3be4a750e9af467b

  • SSDEEP

    6144:DahOFNURwDa61k2qHkZTMEgh8DuayuK6ShAZ169bkKZKG1SPXwDfotM5yoObMEKo:DiuH1E78jK6SPRgG1SPUotxQEbz1B

Malware Config

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
