General

  • Target

    file

  • Size

    310KB

  • Sample

    230930-wjkm9sga28

  • MD5

    65eb3f22c36f9029ad00888f82ed044c

  • SHA1

    e55eefde82489f92064f486101d4679152bd4eed

  • SHA256

    34bdbd14e1d6cb007b01e6c63a2657d0bfd7a1aebbde88a934e81d0ad5b4dde3

  • SHA512

    3520f041842c4872e949a27f455cd1cc93ce99b4f87102260d85c2c847f681a2b0654ea97d747c8d1c177cbe4944f2706a4c037d724ace277e55ad9a670842b3

  • SSDEEP

    6144:Whb1kQRrux0TLqBCXcWyIAHZj14mXzGrLKBvWjTaz18Fj:WvkQRru0XcWyIqGrLSvWDj

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (Telegram: @logsdillabot)

C2

146.59.10.173:45035

Attributes
  • auth_value

    c2955ed3813a798683a185a82e949f88
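The extracted config above gives a responder to hunt for (146.59.10.173:45035) and the General section gives file hashes. The following is an added triage script, not tria.ge output or RedLine code: it copies those indicators from this report, hashes a file and compares it against them, and scans Zeek conn.log records (JSON output format) for contact with the C2. The conn.log lines and the file bytes are constructed for the demonstration; the Zeek field names (`id.orig_h`, `id.resp_h`, `id.resp_p`, `uid`, `ts`) are standard. Matching on the SSDEEP value is left out because it needs the ssdeep library.

```python
"""IOC triage for the RedLine report above (added example, not tria.ge output).

Hashes and the C2 endpoint are copied from the report; the conn.log excerpt
and the sample bytes are constructed for demonstration.
"""
import hashlib
import json

# Indicators taken from the report's General and Malware Config sections.
REPORT_HASHES = {
    "md5": "65eb3f22c36f9029ad00888f82ed044c",
    "sha1": "e55eefde82489f92064f486101d4679152bd4eed",
    "sha256": "34bdbd14e1d6cb007b01e6c63a2657d0bfd7a1aebbde88a934e81d0ad5b4dde3",
}
C2_HOST, C2_PORT = "146.59.10.173", 45035


def digest_file(data: bytes) -> dict:
    """Return md5/sha1/sha256 hex digests of a file's bytes."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in REPORT_HASHES}


def hash_verdict(data: bytes) -> str:
    """Compare a file against the report's hashes.

    SHA256 is authoritative. MD5 and SHA1 are collision-prone, so a match on
    one of them without the SHA256 is reported as 'suspicious', not 'match'.
    """
    got = digest_file(data)
    if got["sha256"] == REPORT_HASHES["sha256"]:
        return "match"
    if got["md5"] == REPORT_HASHES["md5"] or got["sha1"] == REPORT_HASHES["sha1"]:
        return "suspicious"
    return "no-match"


def scan_zeek_conn(lines) -> list:
    """Flag Zeek conn.log (JSON lines) records that talk to the C2.

    'c2_tuple' is an exact host:port hit; 'c2_host' is the same host on another
    port, kept as a lower-confidence hit because stealer C2 ports get rotated.
    """
    hits = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        if rec.get("id.resp_h") != C2_HOST:
            continue
        kind = "c2_tuple" if int(rec.get("id.resp_p", -1)) == C2_PORT else "c2_host"
        hits.append({"kind": kind, "ts": rec.get("ts"),
                     "src": rec.get("id.orig_h"), "uid": rec.get("uid")})
    return hits


# Constructed Zeek conn.log excerpt: one exact C2 hit, one benign flow to a
# TEST-NET-3 address, and one flow to the C2 host on a different port.
SAMPLE_CONN_LOG = """
{"ts":1696068000.1,"uid":"CAbc1","id.orig_h":"10.0.0.5","id.orig_p":49211,"id.resp_h":"146.59.10.173","id.resp_p":45035,"proto":"tcp"}
{"ts":1696068001.2,"uid":"CAbc2","id.orig_h":"10.0.0.5","id.orig_p":49212,"id.resp_h":"203.0.113.10","id.resp_p":443,"proto":"tcp"}
{"ts":1696068002.3,"uid":"CAbc3","id.orig_h":"10.0.0.7","id.orig_p":49213,"id.resp_h":"146.59.10.173","id.resp_p":80,"proto":"tcp"}
"""

if __name__ == "__main__":
    print("file verdict:", hash_verdict(b"not the sample"))
    for hit in scan_zeek_conn(SAMPLE_CONN_LOG.splitlines()):
        print(f"{hit['kind']}: {hit['src']} -> {C2_HOST} uid={hit['uid']} ts={hit['ts']}")
```

Run against a real conn.log with `scan_zeek_conn(open("conn.log"))`; the host-only tier is there so that a port change by the operator does not silently drop the alert.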

Targets

    • Target

      file

    • Size

      310KB

    • MD5

      65eb3f22c36f9029ad00888f82ed044c

    • SHA1

      e55eefde82489f92064f486101d4679152bd4eed

    • SHA256

      34bdbd14e1d6cb007b01e6c63a2657d0bfd7a1aebbde88a934e81d0ad5b4dde3

    • SHA512

      3520f041842c4872e949a27f455cd1cc93ce99b4f87102260d85c2c847f681a2b0654ea97d747c8d1c177cbe4944f2706a4c037d724ace277e55ad9a670842b3

    • SSDEEP

      6144:Whb1kQRrux0TLqBCXcWyIAHZj14mXzGrLKBvWjTaz18Fj:WvkQRru0XcWyIqGrLSvWDj

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks