Resubmissions

14/07/2024, 06:48

240714-hk3ctazgpk 10

14/07/2024, 06:36

240714-hc8vmazekk 10

General

  • Target: podrebro.zip
  • Size: 59.0MB
  • Sample: 240714-hk3ctazgpk
  • MD5: 099e8c57a00d32582e52142fe56ff139
  • SHA1: 546e734f1d7d486b47635c8aa610e6b3a229ffc2
  • SHA256: 7706a695da0b080283cb224d820e8e3976ea32c8845c71362af539ddcaf30fa3
  • SHA512: 6c967650c00d3c8c90a9787321ffddb330c26173d92990778b4bfc32d6261ac9d0e5b3c635b6731489c39956417c653bf6990c251d6685c3614e521d96efd376
  • SSDEEP: 1572864:puPDz3bj8z15h6U9f8NFx8LdAtkH+xg+recPWNW2/LfGU:Mb/21f6Uh8odAtkeg2WzR

Malware Config

Extracted

  • Family: redline
  • C2: 185.196.9.26:6302

Targets

    • Target: podrebro/safeline v2.exe
    • Size: 1.4MB
    • MD5: ea1bb9072eb5de3f8ab97136c4356413
    • SHA1: 13712e211ff8a312713e3898b76302fe99f77608
    • SHA256: 8062c187f15a2d4662ea5c7beb919159e992966d56ba29d1067516edb35d4aa9
    • SHA512: a14ab330221d2895000c7a8abc516f352dc6197f7a54fbe890d295190794eb0cc08fc9e6fb6a3a783e2a7a6ad3c544ffc1638e2f0eee1c184e8a5ce170fc369f
    • SSDEEP: 24576:5UsajnFmkLlnKZGMZQx/OkmuRgsOK1pf/OGQdZUkWNN:5U0IMZQx/OkmuRgsOK1pf/OGQdZUkWNN
    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • Loads dropped DLL
    • Accesses cryptocurrency files/wallets, possible credential harvesting
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks