General

  • Target

    file.exe

  • Size

    421KB

  • Sample

    230111-xx8gxsea73

  • MD5

    c0f63782a29d9595674a6330f92b6433

  • SHA1

    cdfbf89efd10897aafbbec728be2af32fdaf26bc

  • SHA256

    2286dd3e3eae85e5aa331c9371bb6149bacbb394d8a38b33f1af34dfc1c82b2b

  • SHA512

    fa9c633625d836a2703e88551f275cad7fc47a67f6962628700b72a0230e379fdae1ed137caa0c8c30a31916db89d4609d6c1c0bceda1ef7544665dc4556d4c4

  • SSDEEP

    6144:Oyk1INKUylH7xgxtNDbYvpyqfm5v4uH9YIJB12QyFP3Zi5HjxFzC:PhNKUUOxtNiyAkv5t7k3Zix

Malware Config

Extracted

Family

redline

Botnet

@2023@New

C2

91.215.85.155:32796

Attributes

  • auth_value

    0be5b9b84cd5b707e91a48e341e3f7d7

Targets

    • Target

      file.exe

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers commonly harvest stored browser data such as saved credentials, cookies, session tokens and autofill entries.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Enumerates installed software by reading the Uninstall subkeys in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, its WOW6432Node counterpart and the HKCU equivalent).
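The extracted config and hashes above only become useful once they are searched for in your own telemetry. The following Python script is an added example, not tria.ge code and not part of this report: it takes the C2 address and hash values the report lists and matches them against a constructed firewall log and a constructed EDR file inventory, and it can hash a file you hold to confirm it is this exact sample. The log line format, the inventory tuples and the paths are assumptions made for the demonstration.

```python
"""Match the indicators this report extracted for the RedLine sample against
local telemetry.

Added example; not tria.ge code and not part of the report. The C2 and the
hashes are the report's own values; the log lines and the file inventory
below are constructed for the demonstration."""
import hashlib
import re

# Indicators copied from the report above.
IOC_C2 = "91.215.85.155:32796"
IOC_HASHES = {
    "md5": "c0f63782a29d9595674a6330f92b6433",
    "sha1": "cdfbf89efd10897aafbbec728be2af32fdaf26bc",
    "sha256": "2286dd3e3eae85e5aa331c9371bb6149bacbb394d8a38b33f1af34dfc1c82b2b",
    "sha512": "fa9c633625d836a2703e88551f275cad7fc47a67f6962628700b72a0230e379fdae1ed137caa0c8c30a31916db89d4609d6c1c0bceda1ef7544665dc4556d4c4",
}

# Constructed firewall log lines (not from the sandbox run). The third line
# reaches the C2 host on a different port, which is worth flagging separately.
SAMPLE_CONN_LOG = """\
2023-01-11T12:01:03Z src=10.0.0.5:51322 dst=91.215.85.155:32796 proto=tcp bytes=1844
2023-01-11T12:01:09Z src=10.0.0.5:51330 dst=142.250.74.46:443 proto=tcp bytes=7210
2023-01-11T12:02:44Z src=10.0.0.7:49211 dst=91.215.85.155:443 proto=tcp bytes=312
"""

# Constructed EDR file inventory: (path, algorithm, digest). The last entry
# shows that digests arrive in mixed case and must be normalised before use.
SAMPLE_INVENTORY = [
    (r"C:\Users\bob\Downloads\file.exe", "SHA256", IOC_HASHES["sha256"]),
    (r"C:\Windows\System32\notepad.exe", "SHA256", "0" * 64),
    (r"C:\Users\bob\AppData\Local\Temp\setup.exe", "MD5", IOC_HASHES["md5"].upper()),
]

CONN_RE = re.compile(r"src=(?P<src>\S+)\s+dst=(?P<dst_ip>[\d.]+):(?P<dst_port>\d+)")


def parse_c2(c2: str) -> tuple[str, int]:
    """Split the report's 'ip:port' C2 string into host and port."""
    host, _, port = c2.rpartition(":")
    return host, int(port)


def find_c2_connections(log_text: str, c2: str = IOC_C2) -> list[dict]:
    """Return log lines that reach the C2 host. An exact ip:port match is
    'high' confidence; the same IP on another port is 'medium', because
    stealer C2 hosts are frequently reused for other botnets and ports."""
    host, port = parse_c2(c2)
    hits = []
    for line in log_text.splitlines():
        m = CONN_RE.search(line)
        if not m or m["dst_ip"] != host:
            continue
        dst_port = int(m["dst_port"])
        confidence = "high" if dst_port == port else "medium"
        hits.append({"src": m["src"], "dst_port": dst_port,
                     "confidence": confidence, "line": line})
    return hits


def find_known_sample(inventory, hashes=IOC_HASHES) -> list[str]:
    """Return paths whose recorded digest equals the report's hash for that algorithm."""
    return [path for path, algo, digest in inventory
            if hashes.get(algo.lower()) == digest.strip().lower()]


def hashes_of(data: bytes) -> dict:
    """Compute the same four digests the report lists, for a file you hold."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def is_report_sample(data: bytes) -> bool:
    """True only if all four digests agree with the report."""
    return hashes_of(data) == IOC_HASHES


if __name__ == "__main__":
    for hit in find_c2_connections(SAMPLE_CONN_LOG):
        print(f"[{hit['confidence']}] {hit['src']} -> port {hit['dst_port']}")
    for path in find_known_sample(SAMPLE_INVENTORY):
        print(f"[hash] known RedLine sample at {path}")
    print("empty file is the sample:", is_report_sample(b""))
```

The IP-only match is reported at lower confidence rather than dropped: a second port on the same host is exactly what you would expect to see if the operator rotates ports or runs more than one RedLine botnet on the box, so it deserves a look but not an automatic verdict. Hash matching is done per algorithm so that an inventory that only records MD5 still produces a hit.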
