General

  • Target

    a0ff190b6307e9a3a8d11e3a073edf5bbbf58262445b03774cfd1513b7d034df

  • Size

    411KB

  • Sample

    220910-hwk8nsddgl

  • MD5

    5bdb4c6a4edd23be283c4659ee3314ca

  • SHA1

    9d51073a8f07145413c2cda3da575743e3cb9858

  • SHA256

    a0ff190b6307e9a3a8d11e3a073edf5bbbf58262445b03774cfd1513b7d034df

  • SHA512

    07d9ecc44beedc0ad66033314771cc3f0c280eac82c905cd761b2a2c93adf587a3f7ad4cf66107913add391249fe86bea02759832d6383136208b2fc29e2fcd6

  • SSDEEP

    12288:z2FG0g46a8YqaQ7gQ4ISGfK2rqlN8+9rxON2t0N:zyG3x7x4ITKhN9rdt0N

Malware Config

Extracted

Family

redline

Botnet

twick

C2

trustedwicky.com:80

Attributes

  • auth_value

    2284521981f16053dae08194ef371cb3

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks