General

  • Target

    92fbd52b8ff0bb08f29ca970c6cd0e51488c8bc956e86a40fbf6a9a173ecaa76

  • Size

    724KB

  • Sample

    230211-zbs68ahg43

  • MD5

    deb0f3b739c1833a249a5d2f6f85d787

  • SHA1

    0b7fe66a2d4ccd0ff6762a771a5e1959715a6674

  • SHA256

    92fbd52b8ff0bb08f29ca970c6cd0e51488c8bc956e86a40fbf6a9a173ecaa76

  • SHA512

    3225b1d791805b718739573aec80486a6627fe50822e62b1232b8343bbb5f43ccf3989563afb60258498527a57a169048634dd740ee0200d42cbc3561f2160db

  • SSDEEP

    12288:kMrMy90scq0F2XbX2O1GN2yNvX88vdRIPIObrKCA5EIhAC5HiHn:Yyyq0F2XbGOGN2yp88vdRIwBtOIhg

Malware Config

Extracted

Family

redline

Botnet

fusa

C2

193.233.20.12:4132

Attributes

  • auth_value

    a08b2f01bd2af756e38c5dd60e87e697

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
