Resubmissions

03/09/2024, 07:02    240903-ht7zna1hmd    3
15/07/2024, 04:06    240715-epf4laxcmr    10

General

  • Target: Tool.zip
  • Size: 37.0MB
  • Sample: 240715-epf4laxcmr
  • MD5: 27ae86a9f43183e11a50817f33bdcef5
  • SHA1: aeff55bf8208b5e028540e204f71c26a547940e6
  • SHA256: 745a35df6cc0345cbe54c6383f742fb1a3aa9d8e43aa8dbb4aba2412c5dab6dd
  • SHA512: 56f6dc276cde284757558d0a4110bf6c304bad7f23341788ed7d1da3eca26412d0e8f9676dbc9a92e9c105b6467fc4b4261771ca14b1da1a23da8331b4ec07a0
  • SSDEEP: 786432:RgBBnzU0ojNoikkK9zwwe46+kStqk1kHXXit+EYHBGsDBZM5wR7UMPl36FQnt:aBBnzXojNo19zXZrqk1k3XZXHBGsDBZ5

Malware Config

Extracted

  • Family: redline
  • Botnet: tgsetupfudvero
  • C2: 51.195.206.227:38719

Targets

    • Target: Tool/Tool.exe
    • Size: 4.4MB
    • MD5: d48f62048d05fe25ae38bea06ec96e95
    • SHA1: d21c8d35ee8abba7d456542ebb1ea8d1f2ad6bfa
    • SHA256: 3110a13a098e03ca4ebadf301969f5957d760fd85df25b71401bedcfcd91bf67
    • SHA512: c715b36e7163b7c06bb64d7d57743885691cb7db6b945be5a2acb40c937a7fe28873450bac8b79a6882cba53afa679cc2298dc8f90e6c1c7d1ceed692ea91b4e
    • SSDEEP: 49152:K9lUVYIliyVMXHjQh/PERTLBsX1hfQikQ04La0c8DHOXToGo4b/iJVUm4FnMor2R:9dWTQh/PhJRJeoRO/ismwrc

    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • Accesses cryptocurrency files/wallets, possible credential harvesting
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks