Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    10db3bccf55c0e192f566261613b58e8101c86bf1365213a08cef6d473edf3bc

  • Size

    408KB

  • Sample

    221231-1xbpqsdh3w

  • MD5

    c1b609955f32c4168ec68cca098da9fc

  • SHA1

    3ac018aec49381a451d8287b8d4c3609df61e636

  • SHA256

    10db3bccf55c0e192f566261613b58e8101c86bf1365213a08cef6d473edf3bc

  • SHA512

    659966d5b7b90da6d0a73b89a892eef7d34d81a774fa12e9db5cc52b52d85c83f35a71179b0cc5a9fe72c2b8ba71880183619c714cd42db0701faae1fa30df7b

  • SSDEEP

    12288:geyqO2y4L4TT6HRehQgaiZv87BXVVW9hVfy/8+Q:g/2y4L4TT6eXaiZv87Q

Malware Config

Extracted

Family

redline

Botnet

@new@2023

C2

77.73.133.62:22344

Attributes
  • auth_value

    8284279aedaed026a9b7cb9c1c0be4e4

Targets

    • Target

      10db3bccf55c0e192f566261613b58e8101c86bf1365213a08cef6d473edf3bc

    • Size

      408KB

    • MD5

      c1b609955f32c4168ec68cca098da9fc

    • SHA1

      3ac018aec49381a451d8287b8d4c3609df61e636

    • SHA256

      10db3bccf55c0e192f566261613b58e8101c86bf1365213a08cef6d473edf3bc

    • SHA512

      659966d5b7b90da6d0a73b89a892eef7d34d81a774fa12e9db5cc52b52d85c83f35a71179b0cc5a9fe72c2b8ba71880183619c714cd42db0701faae1fa30df7b

    • SSDEEP

      12288:geyqO2y4L4TT6HRehQgaiZv87BXVVW9hVfy/8+Q:g/2y4L4TT6eXaiZv87Q

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks