General

  • Target

    file.exe

  • Size

    485KB

  • Sample

    230107-3h9dkaad7w

  • MD5

    46b4ced716b73e7bfc35daa1c7b83936

  • SHA1

    5e1d4219adc65f8da317c21f7e7bb96cb4443528

  • SHA256

    a5965f76ccb6fdb4ec6224186ad0770c2da3c469fa31405b1407c403352e778a

  • SHA512

    6ffad3065d1206f6b32ee8f0f8b9409190fdb30360cf1e4aa86e0b6e7a9fb61115a2b643c10c896f7ce49ea3648c3d83e805d49728756eeb5d74384fcc41219a

  • SSDEEP

    12288:gtRxHnCVQO2aH4FUbgS877NU4DZMLzMIbgvYKywEJ1i:gVHCNBHfbgws8zHbgvYKyNi

Malware Config

Extracted

Family

redline

Botnet

@new@2023

C2

77.73.133.62:22344

Attributes

  • auth_value

    8284279aedaed026a9b7cb9c1c0be4e4

Targets

    • Target

      file.exe

    • Size

      485KB

    • MD5

      46b4ced716b73e7bfc35daa1c7b83936

    • SHA1

      5e1d4219adc65f8da317c21f7e7bb96cb4443528

    • SHA256

      a5965f76ccb6fdb4ec6224186ad0770c2da3c469fa31405b1407c403352e778a

    • SHA512

      6ffad3065d1206f6b32ee8f0f8b9409190fdb30360cf1e4aa86e0b6e7a9fb61115a2b643c10c896f7ce49ea3648c3d83e805d49728756eeb5d74384fcc41219a

    • SSDEEP

      12288:gtRxHnCVQO2aH4FUbgS877NU4DZMLzMIbgvYKywEJ1i:gVHCNBHfbgws8zHbgvYKyNi

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6