General

  • Target

    b4cce194f3c5177774b80978aedbebcb31515f4546b49d2795678e367e95aa05

  • Size

    1.1MB

  • Sample

    231016-te5rjabg78

  • MD5

    d3b303185713f8e3c9bb9c644eeec0a9

  • SHA1

    d7215b668aeeb966fc756f7a69f201724f6f26e9

  • SHA256

    b4cce194f3c5177774b80978aedbebcb31515f4546b49d2795678e367e95aa05

  • SHA512

    5447af64d99dc077f1ab5b732935fecfa20ac6bc4d3622ccb357b3b270246a54e2c4a5484cbf8d0e6e22c017cbd248ca83bd3d266281f61cba358192eebef28e

  • SSDEEP

    24576:nZFJWFMMh4jlauPGM1qXuC4ezHYDr1WwsMSq:nZ9Mh4jlNPToDMvcPH
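Before relying on the rest of this report for a file that arrived by another route, confirm it is the same sample. The following is an added example, not part of the tria.ge report and not Hatching tooling: it computes the four digests listed above in one pass over the file and compares them, case-insensitively, with the values from the General section. `REPORT_HASHES` is copied from this page; the bytes hashed in the test are a constructed placeholder, not the real sample. ssdeep is left out because it needs a third-party library; the stdlib digests are enough to prove identity.

```python
import hashlib
from pathlib import Path
from typing import Dict, Union

# Digests copied from the General section of this report.
REPORT_HASHES: Dict[str, str] = {
    "md5": "d3b303185713f8e3c9bb9c644eeec0a9",
    "sha1": "d7215b668aeeb966fc756f7a69f201724f6f26e9",
    "sha256": "b4cce194f3c5177774b80978aedbebcb31515f4546b49d2795678e367e95aa05",
    "sha512": "5447af64d99dc077f1ab5b732935fecfa20ac6bc4d3622ccb357b3b270246a54e2c4a5484cbf8d0e6e22c017cbd248ca83bd3d266281f61cba358192eebef28e",
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def digest_bytes(data: bytes) -> Dict[str, str]:
    """All four digests of an in-memory blob, as lowercase hex."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_file(path: Union[str, Path], chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Hash a file in a single read pass: every chunk is fed to every hasher,
    so a large sample is read from disk only once."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        while True:
            chunk = fh.read(chunk_size)
            if not chunk:
                break
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare_with_report(observed: Dict[str, str],
                        report: Dict[str, str] = REPORT_HASHES) -> Dict[str, bool]:
    """Per-algorithm match result. Hex case is normalised because reports
    and tools disagree on it; a missing algorithm counts as a mismatch."""
    return {
        name: observed.get(name, "").lower() == report[name].lower()
        for name in report
    }


def is_same_sample(observed: Dict[str, str],
                   report: Dict[str, str] = REPORT_HASHES) -> bool:
    """True only when every listed digest matches. A partial match (say, md5
    only) should be treated as a different file, not a near miss."""
    return all(compare_with_report(observed, report).values())


if __name__ == "__main__":
    import sys
    if len(sys.argv) < 2:
        print("usage: verify_sample.py <path-to-sample>")
    else:
        obs = digest_file(sys.argv[1])
        for name, ok in compare_with_report(obs).items():
            print(f"{name:6s} {'MATCH' if ok else 'MISMATCH'} {obs[name]}")
        print("same sample:", is_same_sample(obs))
```

Run it against the file you were handed; anything short of four matches means the report does not describe that file, even if a vendor portal shows the same family name.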

Malware Config

Extracted

Family

redline

Botnet

Installs3000_20231016

C2

62.72.23.19:80
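The extracted configuration is the actionable part of this report: the C2 address can be turned into a network detection straight away. The following is an added example, not part of the tria.ge report, that loads the family, botnet and C2 values shown above, scans connection records for traffic to that endpoint, and emits a Suricata rule for it. The conn-log lines are constructed for the example in a reduced Zeek conn.log column order (ts, uid, orig_h, orig_p, resp_h, resp_p, proto); the `sid` value is a placeholder to be replaced with one from your own range. Port 80 in the config does not mean the traffic is HTTP, so the rule keys on IP and port rather than on an HTTP buffer.

```python
from dataclasses import dataclass
from typing import Iterable, List, Set, Tuple

# Values taken from the Malware Config section of this report.
EXTRACTED_CONFIG = {
    "family": "redline",
    "botnet": "Installs3000_20231016",
    "c2": ["62.72.23.19:80"],
}


@dataclass(frozen=True)
class Hit:
    ts: str
    src: str
    dst: str
    dport: int
    proto: str
    reason: str


def parse_c2(entries: Iterable[str]) -> Set[Tuple[str, int]]:
    """Turn 'host:port' strings into (host, port) tuples."""
    out = set()
    for entry in entries:
        host, _, port = entry.rpartition(":")
        out.add((host, int(port)))
    return out


C2_SET = parse_c2(EXTRACTED_CONFIG["c2"])
C2_HOSTS = {host for host, _ in C2_SET}


def scan_conn_log(lines: Iterable[str], c2: Set[Tuple[str, int]] = C2_SET) -> List[Hit]:
    """Flag records whose responder matches the extracted C2.

    Exact ip:port matches are high confidence. The same host on another
    port is flagged too, at lower confidence, because operators rotate
    ports on shared infrastructure more often than they rotate hosts."""
    hosts = {host for host, _ in c2}
    hits: List[Hit] = []
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.rstrip("\n").split("\t")
        if len(fields) < 7:
            continue
        ts, _uid, src, _sport, dst, dport, proto = fields[:7]
        try:
            dport_i = int(dport)
        except ValueError:
            continue
        if (dst, dport_i) in c2:
            hits.append(Hit(ts, src, dst, dport_i, proto, "exact match on extracted C2 ip:port"))
        elif dst in hosts:
            hits.append(Hit(ts, src, dst, dport_i, proto, "C2 host on a port not in the config"))
    return hits


def suricata_rule(host: str, port: int, sid: int) -> str:
    """Emit a Suricata rule for outbound TCP to the C2. No http keywords:
    the config lists port 80, but nothing here says the protocol is HTTP."""
    msg = f"RedLine C2 {EXTRACTED_CONFIG['botnet']} {host}:{port}"
    return (f'alert tcp $HOME_NET any -> {host} {port} '
            f'(msg:"{msg}"; flow:to_server,established; '
            f'classtype:trojan-activity; sid:{sid}; rev:1;)')


# Constructed sample records, not captured traffic. Reduced Zeek conn.log
# columns: ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto.
SAMPLE_CONN_LOG = """#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto
1697465000.1\tCAbc1\t10.0.0.5\t49812\t62.72.23.19\t80\ttcp
1697465001.2\tCAbc2\t10.0.0.5\t49813\t142.250.74.46\t443\ttcp
1697465002.3\tCAbc3\t10.0.0.7\t51000\t62.72.23.19\t8080\ttcp
1697465003.4\tCAbc4\t10.0.0.9\t53111\t62.72.23.19\t80\ttcp
"""

if __name__ == "__main__":
    for hit in scan_conn_log(SAMPLE_CONN_LOG.splitlines()):
        print(hit)
    for host, port in sorted(C2_SET):
        print(suricata_rule(host, port, sid=1000001))  # placeholder sid
```

IP-based indicators for this family age quickly because the hosting is shared and short-lived, so treat a hit as a trigger for host triage (the wallet and credential access listed under Targets) rather than as a standalone verdict, and retire the rule once the host is no longer active.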

Targets

    • Target

      b4cce194f3c5177774b80978aedbebcb31515f4546b49d2795678e367e95aa05

    • Size

      1.1MB

    • MD5

      d3b303185713f8e3c9bb9c644eeec0a9

    • SHA1

      d7215b668aeeb966fc756f7a69f201724f6f26e9

    • SHA256

      b4cce194f3c5177774b80978aedbebcb31515f4546b49d2795678e367e95aa05

    • SHA512

      5447af64d99dc077f1ab5b732935fecfa20ac6bc4d3622ccb357b3b270246a54e2c4a5484cbf8d0e6e22c017cbd248ca83bd3d266281f61cba358192eebef28e

    • SSDEEP

      24576:nZFJWFMMh4jlauPGM1qXuC4ezHYDr1WwsMSq:nZ9Mh4jlNPToDMvcPH

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Uses the VBS compiler for execution

      The process behind this signature is vbc.exe, the Visual Basic command-line compiler shipped with the .NET Framework. It is a signed Microsoft binary that RedLine droppers commonly use as a hollowing host, so the stealer code runs inside a legitimate-looking process rather than from its own image; together with the SetThreadContext signature below, that is the most likely reading of this run.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on a thread in another process is the final step of classic process hollowing: write the payload into a suspended child, point its entry thread at the new code, then resume it. Legitimate software rarely needs it, which makes this a strong indicator on its own.

MITRE ATT&CK Enterprise v15

Tasks