General

  • Target

    34ad4ae674931e5e09ef7f406a8f300dee2132cf06435e67ef211c8d48f27305

  • Size

    364KB

  • Sample

    220926-gx8jxsahbq

  • MD5

    dcd526d6174300b006d616405723a335

  • SHA1

    0e58f18c22c458340dd4afe88cc1d25d43c99aba

  • SHA256

    34ad4ae674931e5e09ef7f406a8f300dee2132cf06435e67ef211c8d48f27305

  • SHA512

    3d6b64bc6c6b42f5e7c1e7f0eb17544fe55a568355c6c0ad0709b01e67abe54291a708ae56f05a487cd07838dd973bc524af912c132ff6f697bc2626914d491c

  • SSDEEP

    6144:eEaXBUcN2BRrn1fH0N6GkBut5adsSEK69yDPhSjYlakxjTLVqoARRSTZAPdg+:/aRDNoVJKRtUdsSEK69yDPhSjYlakxjv

Malware Config

Extracted

Family

redline

Botnet

0002

C2

13.72.81.58:13413

Attributes

  • auth_value

    866ce0ed8cfe2be77fb43a4912677698

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill entries.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
