General

  • Target

    SecuriteInfo.com.Trojan.PackedNET.2523.3156.15821.exe

  • Size

    15.3MB

  • Sample

    231120-qhsplaha71

  • MD5

    ef9428407424cc578442727f6fe3bc5e

  • SHA1

    ba6599fbc6a77b1973b1e1b58e2a9cb0655467c0

  • SHA256

    5a4da54758f9a1a86f382cc9808e3f8e925376693555e9f834807ca352ca761c

  • SHA512

    c3a2a5ee6cd269fc86a49e8c5759e24074df0321a1e40c3eff2bedabaec074c253d9a43dfe4a0bfad03f50c8a5c0b70a8151826e77877d26b4e090bcb798e8e6

  • SSDEEP

    393216:CaFCt7regPFRhBfvhIq4zvAkXxj5dbwUWs6QxF6iu:RFcTP7LidzIwHTWlQxoz

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext
