General

  • Target

    file.exe

  • Size

    1.1MB

  • Sample

    221001-vnjq4ahcel

  • MD5

    fe83e979df7ebf1ce0eb2e8309154ebc

  • SHA1

    5c3528d56036033a77880d06e30734351e8dc328

  • SHA256

    6a6ed1777e8edb9ccd43c48335dfabfaf1daeb8c2de0c28ca69b79ab050d39fe

  • SHA512

    8fd49690802c7d8a269b1158b55db7aa561c320a689a31e307f0ef20a73b66cf012f2fcbaaf5788e607d6feed97ee1a201b0771d88aa5a657f1ce01ad7eba2bf

  • SSDEEP

    24576:sttbQsmZvjUrRjJnY5ucoo3LkNt3Q0NXt25:stqDqJwu83ANFdXk

Targets

    • Target

      file.exe

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and similar sensitive data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger
