General

  • Target: 97ae866c9d4156177a63a6ad273a3f296f99bf026cddc1531d29a2d84ce75e28
  • Size: 361KB
  • Sample: 220925-a4a4nsceg8
  • MD5: 6d22e7782223e1c3965a8c3b535178eb
  • SHA1: 27ea5867d77e0a16ae4b09a8eb64ad7de8634fe7
  • SHA256: 97ae866c9d4156177a63a6ad273a3f296f99bf026cddc1531d29a2d84ce75e28
  • SHA512: 0e6214bd387c53df47b6d129ca2f04633d3bcd5cf0c714807de908b5e6030914da6cee816624a03b88dc182e22a8345bcdfb22f91003e55bea5cd6f0b2e2d1d0
  • SSDEEP: 6144:eEaXBUcN2BRrn1fH0N6GkBut5adsSEK69yDPhSjYlakxjTLVqoARRSTZAPdg+:/aRDNoVJKRtUdsSEK69yDPhSjYlakxjv

Malware Config

Extracted

  • Family: redline
  • Botnet: 0002
  • C2: 13.72.81.58:13413
  • Attributes
      • auth_value: 866ce0ed8cfe2be77fb43a4912677698

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software installed on the system.

MITRE ATT&CK Enterprise v6

Tasks