Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    9a34ef7ac60544cf57ce2ad68d58ad5e68da5ed5364302d722d9a7cd14005bb8

  • Size

    336KB

  • Sample

    230202-sb4jmabh2z

  • MD5

    be3b54b4733ca24594bb69e3600a1a2b

  • SHA1

    1ed99387fb861d04ab636a36861784da67dc4657

  • SHA256

    9a34ef7ac60544cf57ce2ad68d58ad5e68da5ed5364302d722d9a7cd14005bb8

  • SHA512

    5c1bc3fcab9c8932bb7ec6a3ec2ef82469c1e77b7ff27284d27154c4842a08476ea67ccd17263e64a9491241d08ce16f1e831f2d6406c8fb9a9bf7e0cd873b55

  • SSDEEP

    6144:nbDQmioYCCAYp5fRZOVANlZ1iJ5ZccG7uMR9NX23BoIgPEDZCO4lw1JedPlC:nbDQ7LpDcVAN1lDm3BoIgPEDZCO4lw1H

Malware Config

Extracted

Family

redline

Botnet

24.01

C2

37.220.86.164:29170

Attributes
  • auth_value

    1c7f0aa21138601b5201a3a4a0123991

Targets

    • Target

      9a34ef7ac60544cf57ce2ad68d58ad5e68da5ed5364302d722d9a7cd14005bb8

    • Size

      336KB

    • MD5

      be3b54b4733ca24594bb69e3600a1a2b

    • SHA1

      1ed99387fb861d04ab636a36861784da67dc4657

    • SHA256

      9a34ef7ac60544cf57ce2ad68d58ad5e68da5ed5364302d722d9a7cd14005bb8

    • SHA512

      5c1bc3fcab9c8932bb7ec6a3ec2ef82469c1e77b7ff27284d27154c4842a08476ea67ccd17263e64a9491241d08ce16f1e831f2d6406c8fb9a9bf7e0cd873b55

    • SSDEEP

      6144:nbDQmioYCCAYp5fRZOVANlZ1iJ5ZccG7uMR9NX23BoIgPEDZCO4lw1JedPlC:nbDQ7LpDcVAN1lDm3BoIgPEDZCO4lw1H

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks