General

  • Target: 602a4ddfabfe7c1b5fa31290e5295a89.bin
  • Size: 124KB
  • Sample: 240705-cb94easbpe
  • MD5: 23d5e75f49c5e3d3d78a77f34e318bd5
  • SHA1: fd25302a55348cec9a74182f0d93e1c3ceddba90
  • SHA256: 025c50dc386c2be79d51d68465d02c97887696b9308af622b169cc51f6c55aa4
  • SHA512: a5cd8d24c541b6983fc9507cda3760faa1215c1fcf3f5cae817e0970d5b87f95662202808fb4ffb5e119a9e0b0a1df08783a49e5ac2ba058d9f535965d4aae4f
  • SSDEEP: 3072:lr3IFZ5RdITmom1Q4DvPJGISUGJ3K+157Z9E3zAMn8Uq:lr3AcpgbPBvGJ3Km7Z9EjAonq

Malware Config

Extracted

  • Family: redline
  • Botnet: foz
  • C2: 79.110.62.16:1912

Targets

    • Target: 364e1e1ec53644f83d25bc6457b64f5517c3ae19cf17cc725c91fd3faeba17ba.exe
    • Size: 648KB
    • MD5: 602a4ddfabfe7c1b5fa31290e5295a89
    • SHA1: faf33c2b48f6f4f9f6937cbd63655bcd7072677a
    • SHA256: 364e1e1ec53644f83d25bc6457b64f5517c3ae19cf17cc725c91fd3faeba17ba
    • SHA512: 8a18dd7501e9a509558f858ac684dd5030aff62a073f6307de4d4d27c0a6b39d824f637c7305c648cab23ad68d54a6eb8b62d23e667c3f04c01641e22ca56ad1
    • SSDEEP: 6144:YgZCAQw89v2xG/o58ZsyW0YRpM8q94nhOc8mf4H444l:SAu8OWe8q9wOcr4H444l

    Signatures

    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • Accesses cryptocurrency files/wallets, possible credential harvesting
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks