General

  • Target: 64c03c0f3abecf51f9479209e6a24ad3374c919fe706a198c4cc6346e44782ae
  • Size: 261KB
  • Sample: 221224-1gfczsaf68
  • MD5: 1ab931de28de0063e1aa0b4a6643372f
  • SHA1: e908eef7fd2e157eecc6ca893f095c660f2dccc9
  • SHA256: e7832092ab2176aa1bdadc5691a5b86595e5289fe1894466d4d4b19427581657
  • SHA512: e97e95f800898be6288f17fdc44a63f90042463e6b3524a0010931000fc2e2eb2a00f7d3225412ea8ed0f793cdeb8e49d2b0512ea34499d01e7041cf793f2ab3
  • SSDEEP: 6144:2J15K8MWNkQeeLd7IKlA4TMYWGwEsyr7PTPWY:2J1qW+k3dw47TWY

Malware Config

Extracted

  • Family: redline
  • Botnet: shakur
  • C2: 31.41.244.198:4083
  • Attributes
    • auth_value: 77cf57cf0231c3bc6ab7b37cc351aa82

Targets

    • Target: 64c03c0f3abecf51f9479209e6a24ad3374c919fe706a198c4cc6346e44782ae
    • Size: 344KB
    • MD5: 5e63f777438c8809dd4803f4ef76b0f5
    • SHA1: 3965f638ddf3e91fe50c05a3414378da3ecef77f
    • SHA256: 64c03c0f3abecf51f9479209e6a24ad3374c919fe706a198c4cc6346e44782ae
    • SHA512: 81bcbbcbf59bcebed1b20a0f899ef59dc1847b684b55fd6f48fecd541f1f930639087fbe25349026cc558c21e6ca8c849a4eb5933e3a0e70c0fa3ac03dfdb142
    • SSDEEP: 6144:/aL216yrWNkQeoLd7IqlA4VMYWG4EsaMKX:ya16yrW+SVP4YrX
    • RedLine
      RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials etc.
    • Accesses cryptocurrency files/wallets, possible credential harvesting
    • Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks