
General

  • Target

    tmp

  • Size

    175KB

  • Sample

    230131-h4ee4afc33

  • MD5

    a7836eb23a023808fedb12c080314dc7

  • SHA1

    f7a3d881b8a3087b7cc8e8b2efd0efa2d745e49b

  • SHA256

    bf5e49b09c2c5a21efb1b68d246fa57ecfd37f77e36b087f785f5079096f416e

  • SHA512

    78e96bd870ad4a36be3599832acba2210722c350b3970adec7c0ac0186ecd3639e28efa18c193a520fdf157ef4d8d238f60f2d8cce748b797ffeb0ac9614dc61

  • SSDEEP

    3072:ExqZWWFa7E6T8WDbta4keK49rh+7xNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jOF:aqZPWDbtxLrh

Malware Config

Extracted

  • Family

    redline

  • Botnet

    sw49

  • C2

    49.12.247.184:18430

Attributes

  • auth_value

    d4cac5c7f31fb979d374fc8137a9b10b

Targets

    • Target

      tmp

    • Size

      175KB

    • MD5

      a7836eb23a023808fedb12c080314dc7

    • SHA1

      f7a3d881b8a3087b7cc8e8b2efd0efa2d745e49b

    • SHA256

      bf5e49b09c2c5a21efb1b68d246fa57ecfd37f77e36b087f785f5079096f416e

    • SHA512

      78e96bd870ad4a36be3599832acba2210722c350b3970adec7c0ac0186ecd3639e28efa18c193a520fdf157ef4d8d238f60f2d8cce748b797ffeb0ac9614dc61

    • SSDEEP

      3072:ExqZWWFa7E6T8WDbta4keK49rh+7xNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jOF:aqZPWDbtxLrh

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser data, which can include saved credentials, cookies and autofill data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
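The extracted config and file hashes above are only useful once they are turned into something that can be matched against telemetry. The Python below is an added example, not part of this tria.ge report or of the RedLine family analysis: it takes the C2, botnet and hash values from the report as-is, and runs simple matching over constructed log lines. The key=value log format, the timestamps, the benign IP 203.0.113.5, the process paths and the event name "RegistryEnum" are all invented for the example and should be swapped for the fields your own NetFlow/proxy and registry-auditing sources emit.

```python
"""Added example: IOC matching built from the report above.

Not part of the tria.ge report or the RedLine family analysis. The
key=value log format, every IP/port other than the C2, the process
paths and the timestamps are constructed for this example.
"""
import hashlib
import re
from dataclasses import dataclass

# Values copied from the extracted config and the hash list in the report.
REDLINE_CONFIG = {
    "family": "redline",
    "botnet": "sw49",
    "c2": "49.12.247.184:18430",
    "auth_value": "d4cac5c7f31fb979d374fc8137a9b10b",
}
KNOWN_HASHES = {
    "md5": "a7836eb23a023808fedb12c080314dc7",
    "sha1": "f7a3d881b8a3087b7cc8e8b2efd0efa2d745e49b",
    "sha256": "bf5e49b09c2c5a21efb1b68d246fa57ecfd37f77e36b087f785f5079096f416e",
}

# Both the native and the WOW6432Node Uninstall hives end in this segment.
UNINSTALL_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.IGNORECASE
)

# Constructed telemetry (not from the sandbox run): one flow to the C2 on the
# configured port, one benign flow, one flow to the C2 host on another port.
NETFLOW_LOG = [
    "ts=2023-01-31T08:41:02Z src=10.0.0.17 dst=49.12.247.184 dport=18430 proto=tcp",
    "ts=2023-01-31T08:41:05Z src=10.0.0.17 dst=203.0.113.5 dport=443 proto=tcp",
    "ts=2023-01-31T08:41:09Z src=10.0.0.23 dst=49.12.247.184 dport=443 proto=tcp",
]
# Constructed registry-audit events: two Uninstall-key enumerations by the
# sample (hypothetical path), one unrelated Run-key read by explorer.exe.
REGISTRY_LOG = [
    r"ts=2023-01-31T08:40:58Z event=RegistryEnum pid=4120 image=C:\Users\Public\tmp.exe key=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
    r"ts=2023-01-31T08:40:58Z event=RegistryEnum pid=4120 image=C:\Users\Public\tmp.exe key=HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall",
    r"ts=2023-01-31T08:41:00Z event=RegistryEnum pid=3001 image=C:\Windows\explorer.exe key=HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
]


@dataclass
class Hit:
    rule: str
    detail: str
    line: str


def parse_kv(line: str) -> dict:
    """Split a 'k=v k=v' log line into a dict (values contain no spaces here)."""
    return dict(kv.split("=", 1) for kv in line.split())


def parse_c2(c2: str) -> tuple:
    """'49.12.247.184:18430' -> ('49.12.247.184', 18430)."""
    host, _, port = c2.rpartition(":")
    return host, int(port)


def match_netflow(lines, c2: str) -> list:
    """Flag flows to the C2 host; host+port is the high-confidence rule."""
    host, port = parse_c2(c2)
    hits = []
    for line in lines:
        f = parse_kv(line)
        if f.get("dst") != host:
            continue
        rule = "redline_c2" if int(f.get("dport", 0)) == port else "redline_c2_host_only"
        hits.append(Hit(rule, f"{f['src']} -> {f['dst']}:{f['dport']}", line))
    return hits


def match_registry(lines) -> list:
    """Flag Uninstall-key enumeration; return the image so it can be baselined."""
    hits = []
    for line in lines:
        f = parse_kv(line)
        if f.get("event") == "RegistryEnum" and UNINSTALL_KEY_RE.search(f.get("key", "")):
            hits.append(Hit("uninstall_key_enum", f.get("image", "?"), line))
    return hits


def hash_matches(data: bytes, known: dict) -> dict:
    """Return {algo: digest} for every known digest the given bytes reproduce."""
    return {
        algo: digest
        for algo, digest in known.items()
        if hashlib.new(algo, data).hexdigest() == digest.lower()
    }


def run_all() -> dict:
    return {
        "netflow": [h.rule for h in match_netflow(NETFLOW_LOG, REDLINE_CONFIG["c2"])],
        "registry": [h.detail for h in match_registry(REGISTRY_LOG)],
        # Stand-in bytes: the sample itself is not embedded, so nothing matches.
        "hash": hash_matches(b"not the sample", KNOWN_HASHES),
    }


if __name__ == "__main__":
    for name, result in run_all().items():
        print(f"{name}: {result}")
```

Two caveats worth keeping in mind when reusing this. The host+port pair is specific to this build's config; other RedLine builds use other hosts and ports, so a host-only hit is lower confidence and is reported under a separate rule name. Reading the Uninstall keys is also routine for legitimate inventory and update agents, which is why the registry matcher returns the image path rather than a verdict: baseline it per process before alerting. The SSDEEP value in the report needs the ssdeep library for fuzzy matching; it is not in the standard library and is deliberately left out here.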
