General

  • Target: 596f2946d7a78c8fd4aa2b7701d0adea57f6b27b11bf8366e69fcfec92dae3aa
  • Size: 243KB
  • Sample: 220907-b3nh2sagf7
  • MD5: 6c2efe7c6713341f2fc1966f0a94a642
  • SHA1: b04384652ae53e65c8fd01f7fd42df29a7caddf2
  • SHA256: 376c386a637ef843a318adce643819a68f664c7795b0bbfa7b01e474d0b41216
  • SHA512: 97593d382528c20aaff75e3cb075fe75675b8b2c5a927168d1e194c8650f947fbe06e4a10605f31137d1915fb1962fdb43178180bd24844c8cb266ef62cd8cbe
  • SSDEEP: 6144:vVIP54cpmYDhoVpVNMSpyN5xouOAblfDHrCgbDhdYJwznwad:vVIP54cko+jXZuRigPhLzwad

Malware Config

Extracted

  • Family: redline
  • Botnet: twick
  • C2: trustedwicky.com:80
  • Attributes
    • auth_value: 2284521981f16053dae08194ef371cb3

Targets

    • Target: 596f2946d7a78c8fd4aa2b7701d0adea57f6b27b11bf8366e69fcfec92dae3aa
    • Size: 361KB
    • MD5: 523ec13a73602aed47e911453df629d4
    • SHA1: 1dac079455fbf72496a97be5461ec50f4b857c0d
    • SHA256: 596f2946d7a78c8fd4aa2b7701d0adea57f6b27b11bf8366e69fcfec92dae3aa
    • SHA512: 67e273f2107621fa07391c4604a8cc922572550db736e64c96bab18b35d8b9d1957482c6f8625af91015951a12f69c8a900ade9e7138c10bb1182b24b47faed1
    • SSDEEP: 6144:21mec8NDwJabA/BDzhzVBOAXi1qAN5xo6OAb5fDHrCg7DhdYJwxHpfx:217NkUs/BDzhzVFXeQ6digvhLxJfx

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks