General

  • Target

    Solara X.exe

  • Size

    621KB

  • Sample

    240514-15ljxabe65

  • MD5

    1e536c847123313a6e252dd5a5d48a5d

  • SHA1

    bac2343eb16adae849200a806de69feaa33e9723

  • SHA256

    8240313dbd2ede98273fe7f6e32bff11d308b303cce509d6c6f4270f82b9be04

  • SHA512

    8f39905a2aa99595a1d081c558656eeade2f67e01d9c4cef7fa0d964f525d3ab1c7902393c963c07f70cccc1eac58a529569abd9b90ab51283687502537763c8

  • SSDEEP

    12288:0YXlzuhD4WzJCQ/iGwbAYjqoAyB6Mh1g6B88hA9reI6hrAftl3qui54nN++pI4zr:0YVTcLiGhoAyoMX

Malware Config

Extracted

  • Family

    redline

  • C2

    194.26.232.43:20746

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Loads dropped DLL

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks