General

  • Target

    0a05ea3f0b0429c68209691009a703936a558fdde0b270366b7d4b296e2ea6e7

  • Size

    412KB

  • Sample

    231011-2etchage7t

  • MD5

    44ac7f2fc213654a84bd9406e0ba9e2e

  • SHA1

    4ccea375b1b19eb1bacf4482835b499e9cfc24d2

  • SHA256

    0a05ea3f0b0429c68209691009a703936a558fdde0b270366b7d4b296e2ea6e7

  • SHA512

    11bd5e56c4add6f4eb1100066588de2d0d6fc26852d508ec22553e4fc9ca2f7d48cb9875a9b6434ee1f70a5137a2f3099b102df3959eb267c041b21311d79cfc

  • SSDEEP

    6144:r96hvxIcPJL8+5oprOCu5yzuAOGhr1Ld2Il85CU8MRE9Hwxqwq:r9EpIcPy+a6uu0h1Ld2IiCCawowq

Malware Config

Extracted

  • Family

    redline

  • C2

    194.169.175.232:45451

  • Attributes

    auth_value: 277a7742ea9b1da2a636fb11c1abcacd

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks