
General

  • Target: 2892f87b4c327c36a862747578b19c4eff4712496bd3e50d6614b80a8bf6a625
  • Size: 363KB
  • Sample: 220926-fc5rvshdh8
  • MD5: bde21c411943b464203d5991111302dc
  • SHA1: 2c8b8e465d9e88e710d5f8a60c0945b10cc738fe
  • SHA256: 2892f87b4c327c36a862747578b19c4eff4712496bd3e50d6614b80a8bf6a625
  • SHA512: 1a1ceea267eb0a6a090f98edbf7e26219d104c8019dfac56a6d0363f4c88ef06f1078d1be946c2ee384dd04f0e39953416bd45421e555d1d5bddbe2e905db2c2
  • SSDEEP: 6144:eEaXBUcN2BRrn1fH0N6GkBut5adsSEK69yDPhSjYlakxjTLVqoARRSTZAPdg+:/aRDNoVJKRtUdsSEK69yDPhSjYlakxjv

Malware Config

Extracted

  • Family: redline
  • Botnet: 0002
  • C2: 13.72.81.58:13413
  • Attributes
    • auth_value: 866ce0ed8cfe2be77fb43a4912677698

Targets


    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks