General

  • Target

    68427aef7373e30b9099ab53dfbbe3e2e6972b617a0d253f301ffdcd8a73e759

  • Size

    3.4MB

  • Sample

    220921-mnpy4sgbc6

  • MD5

    99e8524684e7dd23aee250e89373ad61

  • SHA1

    7ee72012f80ed456c2205cb7a19386936f77f776

  • SHA256

    68427aef7373e30b9099ab53dfbbe3e2e6972b617a0d253f301ffdcd8a73e759

  • SHA512

    c21738a00f79c505abf254ff3aa639b432b203decedbf5c4596f6e6282cbe3c90d0d2cd33295bced4e999c471b0f2b42ef7484af0fc026df7be434abfc003c8f

  • SSDEEP

    49152:4hnmfoP0PBHeRwUTCbrnyZQI4Wx99s/ijLo:4hnmfoP0PBHeRwUCbryZQI4Wx99s/i

Malware Config

Extracted

Family

redline

Botnet

sep16as1

C2

185.215.113.122:15386

Attributes

  • auth_value

    01795623e4e3747594c759aa084bc4a0

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks