General

  • Target

    52c6a788856cae9e0842a8ba75927d6be1e56303746923b7362aa4e9cddbca07

  • Size

    331KB

  • Sample

    221228-skab5saf72

  • MD5

    57c42d252c60ca5779c6548def1fa356

  • SHA1

    212eed346e7da36b6379d86a925d42da3b81aef5

  • SHA256

    16a13fe68982acf3d2526ae1fa3668de854c005a74df8a73090f498a310c4abf

  • SHA512

    1b176cd4069f599b7dbb765c97807c563bad30c6bead6002d075c63a8491eccc6d5355646fc3354f0e0b305f33c51e6c41c4937d03e3d0a8dc1fb655bc31acea

  • SSDEEP

    6144:ooLF8IScSYbqx+d20CFCXKcHgJ3rXQ+69RGPfeuGqVjLOzlc1bYELzgSl:oo5iFYsC2A+69AeuXjulwLXl

Malware Config

Extracted

Family

redline

Botnet

@new@2023

C2

77.73.133.62:22344

Attributes

  • auth_value

    8284279aedaed026a9b7cb9c1c0be4e4

Targets

    • Target

      52c6a788856cae9e0842a8ba75927d6be1e56303746923b7362aa4e9cddbca07

    • Size

      434KB

    • MD5

      9d24e422f8c4bf121a0ce901cf7997c9

    • SHA1

      4c2ac238d8416af7c1ebd2c79841f6eb57dce402

    • SHA256

      52c6a788856cae9e0842a8ba75927d6be1e56303746923b7362aa4e9cddbca07

    • SHA512

      1f958765bc9578c9c1748ff32490dd9ee11584aa6a73066ff6a6affaee988b2715529daeaa8fb5b6b49c6d83d959890691407504fec87af1a169a451972ee5ba

    • SSDEEP

      6144:6a3LtcSf08IScSYpqx+Z20CFCXKOH8J3rHQ+69RGPy991VN9UZdLaYon5Jk4eROz:/35siFYGCCw+69AqAdin5JF

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks