General

  • Target: 3f5bb3fc080ece9c6f87004c4f0b052a.bin
  • Size: 316KB
  • Sample: 230831-bqnchscb66
  • MD5: 239993c4d03a484f72cd9273f58073e6
  • SHA1: dd19f1f05c7a495b0fbab5d49be3566de78313d8
  • SHA256: 877295a024136906d601c165783186d49b1d175b81a6caa99851eee3e35486c8
  • SHA512: 0d5c9b9bbeba115a568354ceeba28f813d7ad91bea7886dd7419df4aa30a3fdbc8554a2fa9e6221e819a1fed709f7f77315a3d9363c46db8b82b1e0e6a7c57cb
  • SSDEEP: 6144:uFyx4iKJ+FWIZPQZrIK2/DePLGyTfLH0sVAojOSEOcKrT5yNGPvcBQXVy:uJnBZUKHLGMzUiA2Oud08I

Malware Config

Extracted

  • Family: redline
  • Botnet: 1149276168_99
  • C2: https://pastebin.com/raw/8baCJyMF

Targets

    • Target: e1c5d328eaf0228e5d1ae9bf8ef3d6bf734f88dfb411cb5afa25d15f1f023ab0.exe
    • Size: 482KB
    • MD5: 3f5bb3fc080ece9c6f87004c4f0b052a
    • SHA1: 286da433d2ab965c7ac94a9ab8838ed74c5e5ee3
    • SHA256: e1c5d328eaf0228e5d1ae9bf8ef3d6bf734f88dfb411cb5afa25d15f1f023ab0
    • SHA512: 3dc0489ced9d15d485d0bf3a2c007841238691705e73e1d8a0549ec09e2b9e66488d953207c81cfea2ba1171d61a512a10c3f2bada8c5febdf2155f0c6c792a3
    • SSDEEP: 12288:qubsNSOetfARQAPyGUfT+tkrhWJNOnMv77:qubsnafAPyjZrgnv77

    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
    • Executes dropped EXE
    • Loads dropped DLL
    • Accesses cryptocurrency files/wallets, possible credential harvesting
    • Legitimate hosting services abused for malware hosting/C2
    • Suspicious use of SetThreadContext
