General

  • Target

    file.exe

  • Size

    420KB

  • Sample

    230111-fnjnrsae52

  • MD5

    1f2a7a9a140a2c2c1d71eaa232d0af35

  • SHA1

    14651addc7f126a3f985c016e2cd7f087c31fdca

  • SHA256

    d2bf6df63e6a4d0ca6461c83a7c3294bef954eb3364ed27355f90b54bd51417f

  • SHA512

    78111ee9617e42f16fec5a3d3267acde91a46227dc863e00a3ddd17ae87eda52a4a58debfb48eba3f6113473eb9e44dd5e6c98a2ea569d915ca74d36da560e6c

  • SSDEEP

    6144:phvfLMiEDB/7XRi3EpGJTs/1hfuq4d+lEtcCjkBkIvuuOph1FNng6:phHQiUlrYO1hmq4dj6H5uuOdFNnd

Malware Config

Extracted

Family

redline

Botnet

@new@2023

C2

77.73.133.62:22344

Attributes

  • auth_value

    8284279aedaed026a9b7cb9c1c0be4e4
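The extracted config above (C2 ip:port, botnet tag, auth_value) and the file hashes are the parts of this report an analyst turns into detections. The following is an added example, not code from the tria.ge report or from the RedLine sample itself: it copies those indicators from the report and runs them against constructed Zeek-style flow records and Sysmon-style process events (invented for the demonstration, not from the sandbox run) to show strict ip:port matching against the C2, case-insensitive hash matching, and rendering the C2 as a Suricata rule. The log layouts, host names and rule SID are assumptions.

```python
"""Turn the extracted RedLine config and file hashes into detection logic.

Added example, not part of the tria.ge report. The C2, botnet tag, auth_value
and hashes are copied from the report; the log lines and process events below
are constructed for the demonstration and are not from the sandbox run.
"""
import ipaddress

# Indicators copied from the report.
REDLINE_CONFIG = {
    "family": "redline",
    "botnet": "@new@2023",
    "c2": "77.73.133.62:22344",
    "auth_value": "8284279aedaed026a9b7cb9c1c0be4e4",
}
SAMPLE_HASHES = {
    "md5": "1f2a7a9a140a2c2c1d71eaa232d0af35",
    "sha1": "14651addc7f126a3f985c016e2cd7f087c31fdca",
    "sha256": "d2bf6df63e6a4d0ca6461c83a7c3294bef954eb3364ed27355f90b54bd51417f",
}


def parse_c2(c2: str):
    """Split 'ip:port' into (ip, port); rejects anything that is not a literal IP."""
    host, _, port = c2.rpartition(":")
    return str(ipaddress.ip_address(host)), int(port)


# Constructed Zeek conn.log-style lines: ts, uid, src ip, src port, dst ip, dst port, proto.
CONN_LOG = """\
1673420000.1\tCabc1\t10.0.0.5\t49811\t142.250.72.14\t443\ttcp
1673420003.4\tCabc2\t10.0.0.5\t49812\t77.73.133.62\t22344\ttcp
1673420010.9\tCabc3\t10.0.0.7\t51020\t77.73.133.62\t80\ttcp
"""

# Constructed Sysmon-style process-create records carrying the Hashes field.
PROCESS_EVENTS = [
    {"host": "WS01", "image": "C:\\Users\\u\\Downloads\\file.exe",
     "hashes": "MD5=1F2A7A9A140A2C2C1D71EAA232D0AF35,"
               "SHA256=D2BF6DF63E6A4D0CA6461C83A7C3294BEF954EB3364ED27355F90B54BD51417F"},
    {"host": "WS02", "image": "C:\\Windows\\System32\\notepad.exe",
     "hashes": "MD5=00000000000000000000000000000000,SHA256=1111..."},
]


def match_c2_connections(conn_log: str, c2: str):
    """Return (exact, same_ip): uids of flows to the C2 ip:port, and uids to the
    same IP on another port, kept separate so the analyst can judge whether the
    other service is related infrastructure."""
    ip, port = parse_c2(c2)
    exact, same_ip = [], []
    for line in conn_log.splitlines():
        _ts, uid, _src, _sport, dst, dport, _proto = line.split("\t")
        if dst == ip and int(dport) == port:
            exact.append(uid)
        elif dst == ip:
            same_ip.append(uid)
    return exact, same_ip


def match_process_hashes(events, hashes):
    """Return (host, image, algorithm) for process images whose Hashes field
    matches any known sample hash; comparison is case-insensitive because
    Sysmon emits upper-case hex while most reports use lower-case."""
    wanted = {v.lower() for v in hashes.values()}
    hits = []
    for ev in events:
        for pair in ev["hashes"].split(","):
            algo, _, value = pair.partition("=")
            if value.lower() in wanted:
                hits.append((ev["host"], ev["image"], algo))
                break
    return hits


def suricata_rule(config, sid=1000001):
    """Render the C2 as a Suricata rule for TCP from the inside to the C2 ip:port."""
    ip, port = parse_c2(config["c2"])
    return (f'alert tcp $HOME_NET any -> {ip} {port} '
            f'(msg:"RedLine C2 {config["botnet"]}"; flow:to_server,established; '
            f'sid:{sid}; rev:1;)')


if __name__ == "__main__":
    print(match_c2_connections(CONN_LOG, REDLINE_CONFIG["c2"]))
    print(match_process_hashes(PROCESS_EVENTS, SAMPLE_HASHES))
    print(suricata_rule(REDLINE_CONFIG))
```

The auth_value is deliberately not matched on the wire: it is sent inside the C2 protocol rather than visible in flow metadata, so it belongs in a decoder or YARA rule, not in a connection-log match. The port is matched strictly because stealer C2 servers often host unrelated services on the same address; flows to the same IP on another port are returned as leads rather than alerts.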

Targets

    • Target

      file.exe

    • Size

      420KB

    • MD5

      1f2a7a9a140a2c2c1d71eaa232d0af35

    • SHA1

      14651addc7f126a3f985c016e2cd7f087c31fdca

    • SHA256

      d2bf6df63e6a4d0ca6461c83a7c3294bef954eb3364ed27355f90b54bd51417f

    • SHA512

      78111ee9617e42f16fec5a3d3267acde91a46227dc863e00a3ddd17ae87eda52a4a58debfb48eba3f6113473eb9e44dd5e6c98a2ea569d915ca74d36da560e6c

    • SSDEEP

      6144:phvfLMiEDB/7XRi3EpGJTs/1hfuq4d+lEtcCjkBkIvuuOph1FNng6:phHQiUlrYO1hmq4dj6H5uuOdFNnd

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and the WOW6432Node equivalent) to enumerate software on the system, which lets the operator see which security products and tools are installed.
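The installed-software check is the sample fingerprinting its host before exfiltration. The following added example (not code from the tria.ge report or from the RedLine sample) reproduces that enumeration offline from a constructed .reg export of the Uninstall keys, skipping subkeys that carry no DisplayName (update stubs), and flags names that match a small keyword list of security products; the keyword list, product names and key GUIDs are assumptions. The winreg-based function at the end performs the same walk against a live Windows registry and is not exercised here.

```python
"""Enumerate installed software the way the 'Checks installed software'
signature describes: by walking the Uninstall keys in the registry.

Added example, not code from the tria.ge report or from the sample. The .reg
export is constructed for the demonstration; the live function at the bottom
uses the standard-library winreg API and only runs on Windows.
"""
import re
import sys

UNINSTALL_PATHS = (
    r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
    r"SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall",  # 32-bit apps on 64-bit Windows
)

# Constructed .reg export (not from the sandbox run). The KB entry has no
# DisplayName, which is typical for update stubs and is skipped by enumerators.
SAMPLE_REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{11111111-2222-3333-4444-555555555555}]
"DisplayName"="ExampleCorp Endpoint Protection"
"DisplayVersion"="4.2.0"
"Publisher"="ExampleCorp"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB0000000]
"ParentKeyName"="OperatingSystem"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SampleEditor]
"DisplayName"="Sample Editor 1.8"
"DisplayVersion"="1.8"
"Publisher"="Sample Software"
"""

_KEY_RE = re.compile(r"^\[(?P<path>[^\]]+)\]$")
_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>.*)"$')


def parse_reg_export(text):
    """Parse a .reg export into {key_path: {value_name: value}} (string values only)."""
    keys, current = {}, None
    for line in text.splitlines():
        m = _KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group("path"), {})
            continue
        m = _VALUE_RE.match(line)
        if m and current is not None:
            current[m.group("name")] = m.group("value").replace('\\"', '"')
    return keys


def enumerate_uninstall(keys):
    """Return the inventory a stealer collects: one record per Uninstall subkey
    (64-bit and WOW6432Node paths) that carries a DisplayName."""
    inventory = []
    for path, values in keys.items():
        if "DisplayName" not in values:
            continue
        if not any(p.lower() in path.lower() for p in UNINSTALL_PATHS):
            continue
        inventory.append({
            "key": path.rsplit("\\", 1)[-1],
            "name": values["DisplayName"],
            "version": values.get("DisplayVersion", ""),
            "publisher": values.get("Publisher", ""),
        })
    return inventory


def security_products(inventory, keywords=("endpoint protection", "antivirus", "edr")):
    """Names that reveal defensive tooling to the operator (keyword list is an assumption)."""
    return [r["name"] for r in inventory
            if any(k in r["name"].lower() for k in keywords)]


def enumerate_uninstall_live():
    """Same enumeration against the live registry via winreg (Windows only)."""
    import winreg  # standard library, but only importable on Windows
    inventory = []
    for path in UNINSTALL_PATHS:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, path) as key:
            for i in range(winreg.QueryInfoKey(key)[0]):
                name = winreg.EnumKey(key, i)
                with winreg.OpenKey(key, name) as sub:
                    try:
                        display = winreg.QueryValueEx(sub, "DisplayName")[0]
                    except FileNotFoundError:
                        continue  # no DisplayName: update stub or hidden entry
                    inventory.append({"key": name, "name": display})
    return inventory


if __name__ == "__main__":
    inv = enumerate_uninstall(parse_reg_export(SAMPLE_REG_EXPORT))
    for rec in inv:
        print(rec)
    print("security products visible:", security_products(inv))
    if sys.platform == "win32":
        print(len(enumerate_uninstall_live()), "entries on this host")
```

Reading these keys is not itself suspicious (installers and inventory agents do it constantly), so this is not a detection on its own; its value for the analyst is knowing what the sample learns about the host, and that a 32-bit process on 64-bit Windows sees the WOW6432Node view unless it explicitly asks for the 64-bit one.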