General

  • Target: 1f63d7b1fc905bcef2d468fd52e37515d568fbd0d9656c62cd9eda173f21f4e4
  • Size: 275KB
  • Sample: 220919-yc52qsedh3
  • MD5: e5ad0581866dbb7f3f3da091adfb722e
  • SHA1: 2a4afa15b8589c7af2993188e67b6e4dec70c287
  • SHA256: 1f63d7b1fc905bcef2d468fd52e37515d568fbd0d9656c62cd9eda173f21f4e4
  • SHA512: 4c7c58df3321e3ce62992c51166d07bfca86b871c9e338398d62da21fbfa2380cd70e6de6e9800d496bfe6227efecf5b6912765f5a33a0ef6c0a7c73f6e2f9b4
  • SSDEEP: 6144:cLU496hd7Y8wA+lXp58Z0WGigavwVfDd:cLUaC5YhzL5R+q

Malware Config

Extracted

  • Family: redline
  • Botnet: new
  • C2: 194.87.71.159:19532
  • Attributes
    • auth_value: 0889ae494d48e4325078e3f599f31af1

Targets

    • Target: 1f63d7b1fc905bcef2d468fd52e37515d568fbd0d9656c62cd9eda173f21f4e4 (275KB; hash set identical to the General section above)

    • Detects Smokeloader packer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other stored profile data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
