General

  • Target

    file.exe

  • Size

    1.0MB

  • Sample

    230920-mwnq1sfg9t

  • MD5

    c44085d4f410b0335bfd853629159a98

  • SHA1

    6de766aca6eea98ddd1ac940c8110ef83c6df94b

  • SHA256

    63cebbe380cf99272e0d8eb7a3ed9b84633a3eaa048484ab83019b570e711383

  • SHA512

    2cbb0d64464c56fdaae34f77a2eb0f624b5ce7eb5c558d8d9104e1ae7d79f18bd1405bacca33737213ea37bc715c51629fd67a5ae3cea705f82800ea6f419d14

  • SSDEEP

    12288:AsDd2dAHOvLBwvJ5ykrqJd0YSFYvtZ4tGxHXm0luGwGKblxzxDBA4Aa5ou:1J2dAHOvLBwvjYSIYkX4lfd75B

Malware Config

Extracted

Family

redline

Botnet

smokiez

C2

194.169.175.232:45450

Attributes
  • auth_value

    7b7d8a036038ab89b98f422d559b4f8f

Targets

    • Target

      file.exe

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks