General

  • Target: podrebro.zip
  • Size: 59.0MB
  • Sample: 240713-zpdzfswhpm
  • MD5: 099e8c57a00d32582e52142fe56ff139
  • SHA1: 546e734f1d7d486b47635c8aa610e6b3a229ffc2
  • SHA256: 7706a695da0b080283cb224d820e8e3976ea32c8845c71362af539ddcaf30fa3
  • SHA512: 6c967650c00d3c8c90a9787321ffddb330c26173d92990778b4bfc32d6261ac9d0e5b3c635b6731489c39956417c653bf6990c251d6685c3614e521d96efd376
  • SSDEEP: 1572864:puPDz3bj8z15h6U9f8NFx8LdAtkH+xg+recPWNW2/LfGU:Mb/21f6Uh8odAtkeg2WzR

Malware Config

Extracted

  • Family: redline
  • C2: 185.196.9.26:6302

Targets

  Target 1

    • Target: podrebro/safeline v2.exe
    • Size: 1.4MB
    • MD5: ea1bb9072eb5de3f8ab97136c4356413
    • SHA1: 13712e211ff8a312713e3898b76302fe99f77608
    • SHA256: 8062c187f15a2d4662ea5c7beb919159e992966d56ba29d1067516edb35d4aa9
    • SHA512: a14ab330221d2895000c7a8abc516f352dc6197f7a54fbe890d295190794eb0cc08fc9e6fb6a3a783e2a7a6ad3c544ffc1638e2f0eee1c184e8a5ce170fc369f
    • SSDEEP: 24576:5UsajnFmkLlnKZGMZQx/OkmuRgsOK1pf/OGQdZUkWNN:5U0IMZQx/OkmuRgsOK1pf/OGQdZUkWNN

    Signatures
    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • Loads dropped DLL
    • Accesses cryptocurrency files/wallets, possible credential harvesting
    • Suspicious use of SetThreadContext

  Target 2

    • Target: podrebro/safeline.exe
    • Size: 1.8MB
    • MD5: 26a3eccbc31131bf94c38ecc33f3ef17
    • SHA1: 8a92b0ecddca0009aadbd2312f630f8a6da3c5f8
    • SHA256: 65c70f2c14efc7c0f1b02e0a2d18c27440a5ceb67af43a97c7a215e3033f2476
    • SHA512: ae67e43d62c98a2655753b16a387de30c8586a9a2dc552e6555b21afdb596b2d739f5542fb0c2adac12e1b45520eb4e81416dc14cb572a627510338212d4d7e1
    • SSDEEP: 49152:WOOOvLkoy1/7eF6jfBqfdG6a8fEEEELEEEEEEEpEEEEEEEm+EEEEEEEEEEEEEEEI:

    Score: 7/10

    Signatures
    • Loads dropped DLL
    • Accesses cryptocurrency files/wallets, possible credential harvesting
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks