General

  • Target

    Setup.exe

  • Size

    591KB

  • Sample

    231126-z546kscd61

  • MD5

    a2504fdee11217ac13b7cb81739eca7e

  • SHA1

    9ff301cdee5718fe5e8f255db35f221bdeb13323

  • SHA256

    c7ea2248544df93fd2e80967891293e26b594f3ad5f09f54b830c0e5d3c93f8d

  • SHA512

    1a83fe83b95993bb674626498e25ec5e7412511d84e61437b122a57a875420bd0dc91b64f90736a88ee2d3b867fa888bbd0ab0b193800efb9dc437a9487c71be

  • SSDEEP

    6144:PyU1zKCKVDp3Cbitu7gJzmgkYUDBg8ZHAOJFO+unwOlkYv454zahw40U+j5akaV2:PyU1K9pv6RZH8y5gahHuaVIEipKb66G

Malware Config

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext
