General

  • Target: D5A7AFAA7CC3C7DC5E19665034A32512.exe
  • Size: 862KB
  • Sample: 240713-1gmr3ayanp
  • MD5: d5a7afaa7cc3c7dc5e19665034a32512
  • SHA1: 44df27378857397ff58662160bd0efbd82adc925
  • SHA256: 9440713d78fbc82ff0f1b24bf757e63c5b5c31163fdf2428a2ee244369c81370
  • SHA512: e65df38e801fece8a1e4cb389a05732fd9247ada8ddf1cddd488f03720117c7f9fb28499053b6a1e0b6983699683ed96c0f1387f63954b849713b5a2b6627438
  • SSDEEP: 24576:26WkXAgAmrtn5VDaeToj9ySOF7kXr7Sl:ctmrtK9ob

Malware Config

Extracted

  • Family: redline
  • Botnet: 6464132328_99
  • C2: https://t.me/+J_Z1QGHfHko0MGZi*https://steamcommunity.com/id/elcadillac

Targets

    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • Loads dropped DLL
    • Accesses cryptocurrency files/wallets, possible credential harvesting
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks