Resubmissions

  • 17/10/2022, 13:58: 221017-q93zmscac7 (10)
  • 17/10/2022, 13:22: 221017-qmg4nabhe2 (10)
  • 17/10/2022, 05:59: 221017-gpprvaahgp (10)

General

  • Target: 0b248d8cc9122111b96ed71172ef287726900529da9cdc8da9968a2d40f1191e.exe
  • Size: 5.8MB
  • Sample: 221017-gpprvaahgp
  • MD5: 3e1a211e78c3fb60c8f7b52663fa741e
  • SHA1: 068fb47cf931e4788010d55a32ed9b74d3777df7
  • SHA256: 0b248d8cc9122111b96ed71172ef287726900529da9cdc8da9968a2d40f1191e
  • SHA512: b15702739ae6fd6108fa6d4967f7613ccbc171056a3dd81de21681f480e92be475586fd2a083c12b26648a29db2377f23dd36e2889d172c9e82df959fc5ba409
  • SSDEEP: 98304:eT8TT3cExPT2uW5MI079g+DomNbpN3yjwQOF/lvlXAWCwFb8M7kwhi6zlUk5SoYp:eTM3PoL2V76+DjnNgwQ+dtLZ7kwg6JUX

Malware Config

Extracted

  • Family: redline
  • Botnet: +new10
  • C2: 95.217.81.67:15781
  • Attributes: auth_value = 71466e289c1fa2064de510a850454a2a

Targets

  • Target: 0b248d8cc9122111b96ed71172ef287726900529da9cdc8da9968a2d40f1191e.exe
  • Size: 5.8MB
  • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  • RedLine payload
  • Executes dropped EXE
  • Loads dropped DLL
  • Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials and other sensitive account data.
  • Accesses cryptocurrency files/wallets, possible credential harvesting
  • Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software installed on the system.
