General

  • Target

    file.exe

  • Size

    347KB

  • Sample

    221026-3q5eksaafl

  • MD5

    5c155294b9a343f5bf1e63f64d830703

  • SHA1

    d15231628a5776f8866be6b073efc90ac2b44474

  • SHA256

    a4b5bc9f7e30c488564c5e46a931b3bfb876e0a5261f7aee68b6751be7dfc8c3

  • SHA512

    8f05750b9b53a2b4e30ddff565f1f2405be36294b72abb611612717355d433fe39ad2a9a7b2bbc0823347a7f8c25f6d0ccdbfd793150aecc8977b05977453f4c

  • SSDEEP

    6144:ZxE7gsL/d5MaLNZsWyFAQqVqLU5kD593FEzZTZpp5smIAG:ZxE0sbDMEsWy9qVv5iv3FE1JeqG

Malware Config

Extracted

Family

redline

Botnet

Fote

C2

79.137.199.60:4691

Attributes

  • auth_value

    e063cd2fd03a8d8334b8d7c3a7b0e7ef

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks