Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    file.exe

  • Size

    393KB

  • Sample

    230101-p9scgabg34

  • MD5

    57b807696cbaa0e3d1e76a65d8d8d67c

  • SHA1

    89ff974520fecd4fda0033c62e04f9a7dde34c51

  • SHA256

    42b99927f8dc0c44b50f03f39471ba58871bcb91cb6db88d298a1738b2cf899e

  • SHA512

    5522f32bd4f8666bf73cd4508cc9bb720f1bddf9365a81a92b03f80a6936599622e2cf58e37fa01ebd300e8b5602d34f242604df28d0a5e2f67d014bb93505f5

  • SSDEEP

    6144:yhq2LHiw0UvoMBUOb9yKuLlXguZqRAb6eV4b7i:yhq2ji9Uvjb9gL5gDRAb6a4bu

Malware Config

Extracted

Family

redline

Botnet

@new@2023

C2

77.73.133.62:22344

Attributes
  • auth_value

    8284279aedaed026a9b7cb9c1c0be4e4

Targets

    • Target

      file.exe

    • Size

      393KB

    • MD5

      57b807696cbaa0e3d1e76a65d8d8d67c

    • SHA1

      89ff974520fecd4fda0033c62e04f9a7dde34c51

    • SHA256

      42b99927f8dc0c44b50f03f39471ba58871bcb91cb6db88d298a1738b2cf899e

    • SHA512

      5522f32bd4f8666bf73cd4508cc9bb720f1bddf9365a81a92b03f80a6936599622e2cf58e37fa01ebd300e8b5602d34f242604df28d0a5e2f67d014bb93505f5

    • SSDEEP

      6144:yhq2LHiw0UvoMBUOb9yKuLlXguZqRAb6eV4b7i:yhq2ji9Uvjb9gL5gDRAb6a4bu

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks