General

  • Target: file
  • Size: 1.3MB
  • Sample: 230918-rychzscb89
  • MD5: 1ce53a6aa068aee91e137ddd8dc6d205
  • SHA1: 07676384b7f5ea40ee1dc628086af4bb92109101
  • SHA256: 2885c075025d864d3b77b91bd576e9d5fe83070ad742f31c27acc07bd3fb9955
  • SHA512: 0a9b91f38f1c3749916af5da9116fa98e6fdd7a4b8d14a53ce5ca4c968e68ba817bfc2d8535f7ff506bb44e67b0a35eb6fcd1ed4848add24dea53152829a4e72
  • SSDEEP: 24576:Lg1yLp0HmYObxpsiuw/88zk7sEI5tq96:cxHmYObkYvps

Malware Config

Extracted

  • Family: redline
  • Botnet: 1006
  • C2: 176.123.9.142:14845
  • Attributes
    • auth_value: b5da80860b093905c2bba6f9377af704

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Uses the VBS compiler for execution

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext
