
General

  • Target: 653388cbb84b4a94bcc4370bffca1672fe96f2fe5e3506001e65c3697c7c4191
  • Size: 1.8MB
  • Sample: 221001-h97c3agfdq
  • MD5: acf5d1a8f625d7d5b4d877dde28c613c
  • SHA1: 08cb78a12d8905e2d2e781e8f8c49fd4a5696773
  • SHA256: 653388cbb84b4a94bcc4370bffca1672fe96f2fe5e3506001e65c3697c7c4191
  • SHA512: 35d11fd972abaeebf10083765ba76b140d83bf7e2cd0986cbc0652dfa489c54b31772e43c5e5c64e69084fffa6df930ec65fb89557f73a94a040eccd6ba2991c
  • SSDEEP: 24576:TVxdc2VqcvHrb/hyuDZipy6CSbF2MhKlgVE30s2PQ0iOa/tNbKTwB:B0evH3WYkUuFEElQ1tkT

Malware Config

Extracted

  • Family: redline
  • Botnet: FREE-APPS
  • C2: amrican-sport-live-stream.cc:4581
  • Attributes
    • auth_value: 0c9fc6b0cc64520358e3542816da34e2

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other profile information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software installed on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks