General

  • Target

    bd2c8055bd48f3b3b00550250f4851e7f5995a034005d5af589a33ac1dc36954

  • Size

    367KB

  • Sample

    220912-tzwdladfd7

  • MD5

    a1c88160806213516c95141ac3923a20

  • SHA1

    00d4953bcd3a3e6bac804624a51979be566c1764

  • SHA256

    bd2c8055bd48f3b3b00550250f4851e7f5995a034005d5af589a33ac1dc36954

  • SHA512

    e666f51829c1d6dff19528d3f493c09ecc146551be8f9598792961a0ebb04b60cf4cb9bd52bc2d24fc51557d606a2e0ceebee61be25d6910e13c2bd9ebae3f04

  • SSDEEP

    6144:vOUFTUZR/yTVz3qJrrEt3Inb4rbbztHFjUvRaspByPfe9T6OyLXi9lvgBdSHk:GO4n/Ed3q1rW3Inb4rDthWTpQ29T6UxF

Malware Config

Extracted

Family

redline

Botnet

twick

C2

trustedwicky.com:80

Attributes

  • auth_value

    2284521981f16053dae08194ef371cb3

Targets

    • Target

      bd2c8055bd48f3b3b00550250f4851e7f5995a034005d5af589a33ac1dc36954

    • Size

      367KB

    • MD5

      a1c88160806213516c95141ac3923a20

    • SHA1

      00d4953bcd3a3e6bac804624a51979be566c1764

    • SHA256

      bd2c8055bd48f3b3b00550250f4851e7f5995a034005d5af589a33ac1dc36954

    • SHA512

      e666f51829c1d6dff19528d3f493c09ecc146551be8f9598792961a0ebb04b60cf4cb9bd52bc2d24fc51557d606a2e0ceebee61be25d6910e13c2bd9ebae3f04

    • SSDEEP

      6144:vOUFTUZR/yTVz3qJrrEt3Inb4rbbztHFjUvRaspByPfe9T6OyLXi9lvgBdSHk:GO4n/Ed3q1rW3Inb4rDthWTpQ29T6UxF

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks