Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    file

  • Size

    1.1MB

  • Sample

    231116-skjktacf39

  • MD5

    f1269255ba88a71955f1ccc2d4576629

  • SHA1

    c13a7009925d564d57d0386386df162287529f50

  • SHA256

    7fe58a57ec935872f4c4d04330cd28bed9ad7838ab7f06722505c04c72eab0a1

  • SHA512

    81d893205522e2e338aefe341bc5e38201cb2a6b2085e9ff28d2b70b0060975a5e1fca21cea397be11794402ab1e477c181c0d067d377a0fcbe220e61c89fd46

  • SSDEEP

    24576:gYzarSx8Xfg+g+tHNbGaqn4/VzSCwU7iG+xFa:gKx8Xfg+g+tHV/H7iGCFa

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (Telegram: @logsdillabot)

C2

194.49.94.142:41292

Targets

    • Target

      file

    • Size

      1.1MB

    • MD5

      f1269255ba88a71955f1ccc2d4576629

    • SHA1

      c13a7009925d564d57d0386386df162287529f50

    • SHA256

      7fe58a57ec935872f4c4d04330cd28bed9ad7838ab7f06722505c04c72eab0a1

    • SHA512

      81d893205522e2e338aefe341bc5e38201cb2a6b2085e9ff28d2b70b0060975a5e1fca21cea397be11794402ab1e477c181c0d067d377a0fcbe220e61c89fd46

    • SSDEEP

      24576:gYzarSx8Xfg+g+tHNbGaqn4/VzSCwU7iG+xFa:gKx8Xfg+g+tHV/H7iGCFa

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks