General

  • Target

    6797b4f2d6ca012553f8ef49902fe247e2fb6a1bae4608a4c3c6f6610e3c6289

  • Size

    398KB

  • Sample

    221227-sxjrcaac5y

  • MD5

    a832d660925ae99429504a4f609591e6

  • SHA1

    6162a26f9118c792ebc5cf43c191413f18f2313e

  • SHA256

    6797b4f2d6ca012553f8ef49902fe247e2fb6a1bae4608a4c3c6f6610e3c6289

  • SHA512

    f69c16db3317b6501974d66070f257bdf4c92865a19d10d664e064f68541da26cd756784923e4f836d2ae371021f2b9425fc4013841bc01e6f7a0488f97d7160

  • SSDEEP

    6144:aaLLPh666c/J6MYTHYaFw6gtxJL3AvF758xQ3xDPkMo5zXbAc:fLzk66cR6fTjTQxJTAvZ58xaxDPyrbA

Malware Config

Extracted

Family

redline

Botnet

shakur

C2

31.41.244.198:4083

Attributes

  • auth_value

    77cf57cf0231c3bc6ab7b37cc351aa82

Targets

    • Target

      6797b4f2d6ca012553f8ef49902fe247e2fb6a1bae4608a4c3c6f6610e3c6289

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up entries under the registry's Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) to enumerate the software installed on the system.
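The behaviours flagged above (browser profile access, wallet access, Uninstall key enumeration) together with the extracted C2 endpoint can be turned into host-side detection logic. The Python below is an added example, not part of the tria.ge report and not RedLine's own code: it classifies constructed telemetry lines against those indicators and flags a process once it exhibits more than one of them. The `event|process|target` line layout, the process name `build.exe`, and the specific browser and wallet paths are assumptions made for illustration; only the C2 address and the Uninstall key path come from the report.

```python
"""Behavioural triage of host telemetry against the indicators in this report.

Added example (not from tria.ge or RedLine). SAMPLE_EVENTS is constructed
telemetry; the "<event>|<process>|<target>" layout is an assumption, not any
vendor's native log format.
"""
import re
from collections import defaultdict

# Network indicator extracted by the sandbox (from the report).
C2_HOST, C2_PORT = "31.41.244.198", 4083

# Artefacts behind each behaviour the sandbox flagged. Browser/wallet file
# names are assumed typical targets, not a list taken from the report.
BROWSER_DATA = re.compile(r"\\(Login Data|Cookies|Web Data)$", re.I)
WALLET_DATA = re.compile(r"\\(wallet\.dat|Exodus|Electrum|Ethereum\\keystore)", re.I)
UNINSTALL_KEY = re.compile(
    r"\\SOFTWARE\\(WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall", re.I
)

# Constructed sample telemetry (process name "build.exe" is hypothetical).
SAMPLE_EVENTS = r"""
file_read|svchost.exe|C:\Windows\System32\drivers\etc\hosts
file_read|build.exe|C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data
file_read|build.exe|C:\Users\victim\AppData\Roaming\Exodus\exodus.wallet\seed.seco
reg_query|build.exe|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip
reg_query|explorer.exe|HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
net_connect|build.exe|31.41.244.198:4083
net_connect|chrome.exe|142.250.74.46:443
"""


def parse_events(text):
    """Split the constructed telemetry into (event, process, target) tuples."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        kind, process, target = line.split("|", 2)
        events.append((kind, process, target))
    return events


def classify(kind, target):
    """Map one event to a behaviour category from the report, or None if benign."""
    if kind == "file_read" and BROWSER_DATA.search(target):
        return "browser_profile_data"
    if kind == "file_read" and WALLET_DATA.search(target):
        return "crypto_wallet"
    if kind == "reg_query" and UNINSTALL_KEY.search(target):
        return "software_enumeration"
    if kind == "net_connect":
        host, _, port = target.rpartition(":")
        if host == C2_HOST and port.isdigit() and int(port) == C2_PORT:
            return "c2_beacon"
    return None


def score_processes(events):
    """Collect the distinct behaviour categories observed per process."""
    hits = defaultdict(set)
    for kind, process, target in events:
        category = classify(kind, target)
        if category:
            hits[process].add(category)
    return {process: sorted(cats) for process, cats in hits.items()}


def suspicious_processes(events, min_categories=2):
    """Processes showing at least min_categories distinct stealer behaviours."""
    scores = score_processes(events)
    return sorted(p for p, cats in scores.items() if len(cats) >= min_categories)


if __name__ == "__main__":
    parsed = parse_events(SAMPLE_EVENTS)
    for process, categories in score_processes(parsed).items():
        print(f"{process}: {', '.join(categories)}")
    print("suspicious:", suspicious_processes(parsed))
```

The two-category threshold exists because a single behaviour is weak evidence on its own: a browser legitimately reads its own `Login Data`, and installers routinely query the Uninstall key. A connection to the extracted C2 endpoint is a much stronger signal and in a real deployment would be alerted on independently; the C2 address and port should also be expected to change between RedLine builds, so the hash and network IOCs from this report identify this sample, not the family.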

MITRE ATT&CK Enterprise v6

Tasks