General

  • Target

    5c0c3090f7bbb8b9323da12a03a63c73410f11c4e2b4c0f3bc9fd7f817575ec9

  • Size

    444KB

  • Sample

    221229-slq2aage71

  • MD5

    58d3cd26737d1d5a47a52b6468546ab8

  • SHA1

    bf1622858e381fc0fb238a08a087e1a0a7512976

  • SHA256

    5c0c3090f7bbb8b9323da12a03a63c73410f11c4e2b4c0f3bc9fd7f817575ec9

  • SHA512

    cbf53d76e6184f4db903690965784bdfcf3b0716abe20aa3279d2d91711a83bb66edb11446d73379f90b3d0ff7b694932a7abbebe80084dd4a8be36581ca9a47

  • SSDEEP

    6144:cUnLt4TguMU8jkCIzf3AeDAjwQJ/EigY4A0GvCJ/dyFIUVoFPJ2tyIxZ1WqqdS0v:fnx4TgnkCWD6rO9A0GvwFuIUa2tdYX

Malware Config

Extracted

Family

redline

Botnet

@new@2023

C2

77.73.133.62:22344

Attributes

  • auth_value

    8284279aedaed026a9b7cb9c1c0be4e4
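The extracted configuration is the most actionable part of this report: a C2 socket and a set of file hashes. The block below is an added example, not Triage's code and not anything from the sample, that sweeps constructed Zeek conn.log-style records and a constructed list of observed file hashes for those indicators. The tab-separated field layout, the `uid` values and the hostnames are assumptions for the example. A flow to the C2 address on a port other than 22344 is kept as a lower-confidence hit rather than discarded, since the report ties the panel to an address as well as a port.

```python
"""Sweep of constructed telemetry for the indicators in this report.

Added example, not Triage's code and not the sample's own code. The
conn.log lines and the observed-hash list are constructed test data in
a Zeek-like tab-separated layout (ts, uid, orig_h, orig_p, resp_h,
resp_p, proto); that layout and the hostnames are assumptions.
"""
import ipaddress
from dataclasses import dataclass

# Indicators copied from the Malware Config and hash sections above.
C2 = "77.73.133.62:22344"
SAMPLE_HASHES = {
    "md5": "58d3cd26737d1d5a47a52b6468546ab8",
    "sha1": "bf1622858e381fc0fb238a08a087e1a0a7512976",
    "sha256": "5c0c3090f7bbb8b9323da12a03a63c73410f11c4e2b4c0f3bc9fd7f817575ec9",
}

# Constructed conn.log excerpt: one flow to the exact C2 socket, one
# unrelated HTTPS flow, one flow to the C2 address on a different port,
# and one DNS flow that should be ignored.
CONSTRUCTED_CONN_LOG = (
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\n"
    "1672300001.123456\tCabc1\t10.0.0.15\t51234\t77.73.133.62\t22344\ttcp\n"
    "1672300002.000000\tCabc2\t10.0.0.15\t51235\t142.250.74.78\t443\ttcp\n"
    "1672300003.500000\tCabc3\t10.0.0.22\t49152\t77.73.133.62\t80\ttcp\n"
    "1672300004.000000\tCabc4\t10.0.0.30\t53\t10.0.0.1\t53\tudp\n"
)


@dataclass(frozen=True)
class NetHit:
    uid: str
    src: str
    dst: str
    dport: int
    confidence: str  # "high" = address and port match, "medium" = address only


def parse_c2(value):
    """Split the report's 'host:port' form into a normalised address and port."""
    host, _, port = value.rpartition(":")
    return ipaddress.ip_address(host), int(port)


def sweep_conn_log(text, c2=C2):
    """Return flows whose responder is the C2 address, ranked by port match."""
    c2_host, c2_port = parse_c2(c2)
    hits = []
    for line in text.splitlines():
        if not line or line.startswith("#"):  # Zeek header/comment lines
            continue
        fields = line.split("\t")
        if len(fields) < 7:
            raise ValueError(f"malformed conn.log line: {line!r}")
        _ts, uid, src, _sport, dst, dport, _proto = fields[:7]
        # Compare as addresses, not strings, so "077.73.133.62"-style
        # variants and IPv4-mapped IPv6 forms do not slip past.
        if ipaddress.ip_address(dst) != c2_host:
            continue
        dport = int(dport)
        # The report addresses the panel as ip:port; a flow to the same
        # address on another port is still worth a look, so keep it at
        # lower confidence instead of dropping it.
        confidence = "high" if dport == c2_port else "medium"
        hits.append(NetHit(uid, src, dst, dport, confidence))
    return hits


def sweep_hashes(observed, known=SAMPLE_HASHES):
    """observed: iterable of (host, path, algorithm, hexdigest) tuples.

    Algorithm names and digests are compared case-insensitively, since
    EDR exports differ in how they print them.
    """
    hits = []
    for host, path, algo, digest in observed:
        algo = algo.lower()
        if known.get(algo) == digest.lower():
            hits.append((host, path, algo))
    return hits


if __name__ == "__main__":
    for hit in sweep_conn_log(CONSTRUCTED_CONN_LOG):
        print(hit)
    print(sweep_hashes([("ws01", r"C:\Users\a\Downloads\setup.exe",
                         "SHA256", SAMPLE_HASHES["sha256"].upper())]))
```

Hash matching only finds this exact build; stealer builds are recompiled per campaign, so the SSDEEP value above is the better pivot for finding siblings, and the C2 address is the better pivot for finding victims.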

Targets

    • Target

      5c0c3090f7bbb8b9323da12a03a63c73410f11c4e2b4c0f3bc9fd7f817575ec9

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill form data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up entries under the registry Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, its WOW6432Node counterpart and the HKCU equivalent) to enumerate the software installed on the system.
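Each of the three signatures above also fires on benign software: a browser reads its own Login Data, and installers or inventory agents walk the Uninstall key. The useful detection is the combination in one process. The block below is an added example, not Triage's code and not RedLine's, that correlates constructed EDR-style events per process and discounts the behaviour a given image is expected to show. The JSON-lines event schema (`pid`, `image`, `op`, `target`) stands in for whatever your EDR emits and is an assumption, as are the browser and wallet path patterns, which are illustrative rather than RedLine's exact target list.

```python
"""Per-process correlation of the three behaviours this report flags.

Added example, not Triage's code and not RedLine's. The events are
constructed JSON-lines records with fields pid, image, op ("file_read"
or "reg_read") and target; that schema is an assumption, as are the
browser and wallet path patterns below.
"""
import json
import re
from collections import defaultdict

# Chromium/Firefox credential and cookie stores (assumed illustrative list).
BROWSER_DATA = re.compile(
    r"\\(Login Data|Cookies|Web Data|logins\.json|key4\.db)$", re.I)
# Common desktop wallet locations (assumed illustrative list).
WALLET_DATA = re.compile(
    r"\\(wallet\.dat|Exodus|Electrum|atomic)(\\|$)", re.I)
# The Uninstall key the page's signature refers to: 32/64-bit and per-user.
UNINSTALL_KEY = re.compile(
    r"^HK(LM|CU)\\SOFTWARE\\(WOW6432Node\\)?Microsoft\\Windows"
    r"\\CurrentVersion\\Uninstall(\\|$)", re.I)

# Processes that legitimately touch some of these locations. Matching on
# image name alone is weak (names are trivially spoofed); pair it with
# signer and path checks in a real deployment.
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe"}
INVENTORY_TOOLS = {"msiexec.exe", "wmiprvse.exe", "compattelrunner.exe"}

# Constructed events: a browser reading its own profile, a Temp-dropped
# binary doing all three behaviours, an installer reading Uninstall, and
# a backup tool reading one credential store.
CONSTRUCTED_EVENTS = r"""
{"pid": 4120, "image": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe", "op": "file_read", "target": "C:\\Users\\bob\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"}
{"pid": 5212, "image": "C:\\Users\\bob\\AppData\\Local\\Temp\\build.exe", "op": "file_read", "target": "C:\\Users\\bob\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"}
{"pid": 5212, "image": "C:\\Users\\bob\\AppData\\Local\\Temp\\build.exe", "op": "file_read", "target": "C:\\Users\\bob\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\x1.default\\logins.json"}
{"pid": 5212, "image": "C:\\Users\\bob\\AppData\\Local\\Temp\\build.exe", "op": "file_read", "target": "C:\\Users\\bob\\AppData\\Roaming\\Bitcoin\\wallet.dat"}
{"pid": 5212, "image": "C:\\Users\\bob\\AppData\\Local\\Temp\\build.exe", "op": "reg_read", "target": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{7AB5C5B5-4F54-4C1B-8B36-5F4C4E2B1234}"}
{"pid": 900, "image": "C:\\Windows\\System32\\msiexec.exe", "op": "reg_read", "target": "HKLM\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall"}
{"pid": 3001, "image": "C:\\Program Files\\Backup\\backup.exe", "op": "file_read", "target": "C:\\Users\\bob\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"}
{"pid": 3001, "image": "C:\\Program Files\\Backup\\backup.exe", "op": "file_read", "target": "C:\\Users\\bob\\Documents\\notes.txt"}
"""


def classify(event):
    """Map one event to a behaviour tag from the report, or None."""
    op, target = event["op"], event["target"]
    if op == "file_read" and BROWSER_DATA.search(target):
        return "browser"
    if op == "file_read" and WALLET_DATA.search(target):
        return "wallet"
    if op == "reg_read" and UNINSTALL_KEY.match(target):
        return "uninstall"
    return None


def assess(image, behaviours):
    """Discount behaviours the process is expected to show, then grade."""
    name = image.rsplit("\\", 1)[-1].lower()
    expected = set()
    if name in BROWSERS:
        expected.add("browser")
    if name in INVENTORY_TOOLS:
        expected.add("uninstall")
    unexpected = set(behaviours) - expected
    if len(unexpected) >= 2:   # host profiling plus harvesting: stealer-like
        return "alert"
    if unexpected:             # a single oddity: worth a look, not a page
        return "review"
    return "none"


def score_processes(jsonl):
    """Group tagged events by pid; return {pid: {image, behaviours, verdict}}."""
    per = defaultdict(lambda: {"image": None, "behaviours": set()})
    for line in jsonl.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        tag = classify(ev)
        if tag is None:
            continue
        rec = per[ev["pid"]]
        rec["image"] = ev["image"]
        rec["behaviours"].add(tag)
    for rec in per.values():
        rec["verdict"] = assess(rec["image"], rec["behaviours"])
    return dict(per)


if __name__ == "__main__":
    for pid, rec in score_processes(CONSTRUCTED_EVENTS).items():
        print(pid, rec["image"], sorted(rec["behaviours"]), rec["verdict"])
```

Sysmon does not record file reads or registry reads by default (its registry events cover key and value changes, its file event covers creation), so this correlation needs read telemetry from an EDR, a minifilter or an ETW provider. The allowlist is deliberately narrow: a browser reading another browser's profile, or a process under a user's Temp directory doing any of this, is exactly the case the report describes.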

MITRE ATT&CK Enterprise v6

Tasks