General

  • Target

    SoftWare(2).exe

  • Size

    840KB

  • Sample

    240514-ncsrasdb7v

  • MD5

    178247452a0628dbce6775856b60b8e1

  • SHA1

    1b42237189d9cb387289e5855e944b6ce51fa196

  • SHA256

    688e9194015474b2c60e05675236295677fbde46e4e471f3048ce1c5f9ed1c12

  • SHA512

    c21c4422f701667c5a14dc5bc1f5bcabbecc3e9c69b04e4d03c010290abc50b469791e117c9a2f1d81bb52d81684cafa32c2bc454e880bedff8ed621f8bdb3a6

  • SSDEEP

    12288:NM9nSH9BVtFceGDLlxp7zsd9WqdkMX8run2b5518ycw8ctT1U5pRU0PnDQ0gKgw8:NK+/tFceG/Xp7zsWqGQ+bj

Malware Config (extracted)

  • Family

    redline

  • C2

    194.26.232.43:20746

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Loads dropped DLL

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext