Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    279d687eec84cee9e0c96d5b5a68327acce6b80593fa0396d5848339fce3a302

  • Size

    333KB

  • Sample

    221218-17g99sgg6y

  • MD5

    cca9077b425936e83114909afef08929

  • SHA1

    3b5136cc68871b1b1c875177771ec67471ef9a9e

  • SHA256

    279d687eec84cee9e0c96d5b5a68327acce6b80593fa0396d5848339fce3a302

  • SHA512

    969ce7046173b3ef147438e348a69aa7c4bb194cc0659cb7ea3808909f8d37ce7fbfd9a1cd1dd233a301378ec8b3c176d322161918479d9968bd9e6e0f813dd4

  • SSDEEP

    6144:Q86gTLIknoLHVvai7t6Et174H57Jcm1oQLenFKalsKeBg3CqqVoU0VB:Q86KEUobtFt6Et1m57JcUasKemSJ9O

Malware Config

Extracted

Family

redline

Botnet

nokia

C2

31.41.244.198:4083

Attributes
  • auth_value

    3b38e056d594ae0cf1368e6e1daa3a4e

Targets

    • Target

      279d687eec84cee9e0c96d5b5a68327acce6b80593fa0396d5848339fce3a302

    • Size

      333KB

    • MD5

      cca9077b425936e83114909afef08929

    • SHA1

      3b5136cc68871b1b1c875177771ec67471ef9a9e

    • SHA256

      279d687eec84cee9e0c96d5b5a68327acce6b80593fa0396d5848339fce3a302

    • SHA512

      969ce7046173b3ef147438e348a69aa7c4bb194cc0659cb7ea3808909f8d37ce7fbfd9a1cd1dd233a301378ec8b3c176d322161918479d9968bd9e6e0f813dd4

    • SSDEEP

      6144:Q86gTLIknoLHVvai7t6Et174H57Jcm1oQLenFKalsKeBg3CqqVoU0VB:Q86KEUobtFt6Et1m57JcUasKemSJ9O

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks