General

  • Target

    Setup.exe

  • Size

    1.7MB

  • Sample

    231003-x5sfnshb29

  • MD5

    46a22f0849344f152364d921c3c28435

  • SHA1

    44fb399a95aaddd99270fe73a8705f53c0f73b72

  • SHA256

    1041ffa7fe11147bca657c7f9b58b76a63fab9bedd01e37726e7a5f9df72aed2

  • SHA512

    a992ece8155f66b7d3ccf801961ae69af857dc7366bf096805700ce69e5305867db9c5b346074e14d83292daa7a72be5c2becf58565305684adc3bb9f0942e32

  • SSDEEP

    24576:WwzT5gWn2HsJRx/6a9DhvhSCPhwtzZc7m6fgA7:dx/6a3vtqtu7m6

Malware Config

Targets

    • Target

      Setup.exe (1.7MB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General above)

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext
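The "Downloads MZ/PE file" and "Executes dropped EXE" signatures above are behavioural: the sandbox flags a fetched blob that carries a DOS/PE header and is then run. The block below is an added example, not tria.ge's signature code, showing the header check a triage script would apply to a downloaded blob (DOS `MZ` magic, `e_lfanew` at offset 0x3C, `PE\0\0` signature, COFF `Characteristics` to tell EXE from DLL) together with a lookup of the file's digests against the hashes listed on this page. The stub PE it builds is constructed sample input and is not a real executable; `IMAGE_FILE_DLL = 0x2000` is the documented PE flag value.

```python
"""Added example (not tria.ge code): recognise MZ/PE payloads the way the
"Downloads MZ/PE file" signature implies, and compare a buffer's digests
against the IOC hashes from this report."""
import hashlib
import struct

# IOC hashes copied from the report above for Setup.exe.
IOC_HASHES = {
    "md5": "46a22f0849344f152364d921c3c28435",
    "sha1": "44fb399a95aaddd99270fe73a8705f53c0f73b72",
    "sha256": "1041ffa7fe11147bca657c7f9b58b76a63fab9bedd01e37726e7a5f9df72aed2",
}

PE_SIGNATURE = b"PE\0\0"
IMAGE_FILE_DLL = 0x2000  # Characteristics bit in the COFF file header


def is_pe(data: bytes) -> bool:
    """True if data has a DOS 'MZ' header whose e_lfanew points at 'PE\\0\\0'.

    Both magics are checked, not just b'MZ': truncated downloads and
    non-executable blobs can start with MZ too."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + len(PE_SIGNATURE) > len(data):
        return False  # header points outside the buffer: truncated or bogus
    return data[e_lfanew:e_lfanew + 4] == PE_SIGNATURE


def pe_kind(data: bytes) -> str:
    """Classify a PE as 'exe' or 'dll' from the COFF Characteristics field.

    Returns 'not-pe' for anything is_pe() rejects and 'truncated' when the
    COFF header does not fit in the buffer."""
    if not is_pe(data):
        return "not-pe"
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    coff = e_lfanew + 4
    if coff + 20 > len(data):
        return "truncated"
    # COFF header layout: Machine(2) NumberOfSections(2) TimeDateStamp(4)
    # PointerToSymbolTable(4) NumberOfSymbols(4) SizeOfOptionalHeader(2)
    # Characteristics(2)  -> Characteristics sits at coff + 18
    characteristics = struct.unpack_from("<H", data, coff + 18)[0]
    return "dll" if characteristics & IMAGE_FILE_DLL else "exe"


def matching_iocs(data: bytes) -> list:
    """Names of the page's hashes that match this buffer (empty = no match)."""
    return [name for name, h in IOC_HASHES.items()
            if hashlib.new(name, data).hexdigest() == h]


def build_stub_pe(dll: bool = False) -> bytes:
    """Constructed minimal MZ+PE stub used as sample input; not a real binary."""
    buf = bytearray(0x80)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)          # e_lfanew -> offset 0x80
    buf += PE_SIGNATURE + bytes(20)                   # signature + zeroed COFF header
    struct.pack_into("<H", buf, 0x80 + 4 + 18, IMAGE_FILE_DLL if dll else 0)
    return bytes(buf)


def triage(data: bytes) -> dict:
    """Summarise what a 'Downloads MZ/PE file' style check would report."""
    return {
        "is_pe": is_pe(data),
        "kind": pe_kind(data),
        "ioc_matches": matching_iocs(data),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


if __name__ == "__main__":
    for label, blob in (("stub exe", build_stub_pe()),
                        ("stub dll", build_stub_pe(dll=True)),
                        ("text", b"MZ is also how some text files start")):
        print(label, triage(blob))
```

Run it against a real download by reading the file into `triage()`; a non-empty `ioc_matches` means the bytes are exactly this report's Setup.exe, while a repacked variant will still show `is_pe` True with no hash hit, which is why the sandbox keys on behaviour rather than hashes alone.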

MITRE ATT&CK Enterprise v15

Tasks