General

  • Target

    7a24978d3b417daf1083a4b5adae2fa8a5e6187e7bb3ed41a9b21bc88967a762

  • Size

    378KB

  • Sample

    230326-ex9qwahd8s

  • MD5

    4cceff0ec2bfb40256fb5e1ff1f1069f

  • SHA1

    a8d73dc960392b379d629df61b3fcd07ce9fb9b6

  • SHA256

    7a24978d3b417daf1083a4b5adae2fa8a5e6187e7bb3ed41a9b21bc88967a762

  • SHA512

    1a80817fb4157a3a63e1a5a21cc843e226945339b964f799e3495f539765f475eb7a29940fb5c2ea46cf0e99abcd2c1f1c238494c3059b7954d0767a4a157c91

  • SSDEEP

    6144:Eg1PXP9KwXxAHmtQBqwg33MEptKD1P8QpTfz:Eg1H9VXMmmAVcuoD9dz

Malware Config

Extracted

Family

redline

Botnet

koreamon

C2

koreamonitoring.com:80

Attributes
  • auth_value

    1a0e1a9f491ef3df873a03577dfa10aa

Targets

    • Target

      7a24978d3b417daf1083a4b5adae2fa8a5e6187e7bb3ed41a9b21bc88967a762

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser profile data, which can include saved credentials, cookies, and autofill entries.

    • Checks installed software on the system

      Enumerates entries under the registry's Uninstall keys (e.g. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) to build a list of the software installed on the system.
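The extracted C2 and the two behaviours above can be turned into a hunting rule. The following Python is an added example, not part of the Triage report or of Hatching's own tooling: it scores telemetry lines in a simplified `k=v|k=v` format invented here (constructed sample lines, not a real EDR or Sysmon export) against the report's C2 host and the Uninstall key, and flags a process only when it contacts the C2 or shows both host-side stealer behaviours together. The browser artefact file names and the exclusion of browser processes are assumptions about what the "Reads user/profile data of web browsers" signature covers.

```python
"""Hunt for the report's RedLine behaviours in constructed EDR-style telemetry."""
import ntpath
import re
from dataclasses import dataclass

# Indicator copied from the extracted config above.
C2_HOST, C2_PORT = "koreamonitoring.com", 80

# "Checks installed software": enumeration of the Uninstall key under HKLM or HKCU,
# including the WOW6432Node view on 64-bit Windows.
UNINSTALL_KEY_RE = re.compile(
    r"\\SOFTWARE\\(?:WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall(?:\\|$)",
    re.IGNORECASE,
)
# "Reads user/profile data of web browsers": these file names are an assumption
# about which artefacts the signature covers (Chromium credential/cookie/autofill
# databases and Firefox profile files), not a list taken from the report.
BROWSER_ARTEFACT_RE = re.compile(
    r"\\(?:Login Data|Cookies|Web Data|logins\.json|cookies\.sqlite|key4\.db)$",
    re.IGNORECASE,
)
# A browser opening its own profile is expected; only other images are suspicious.
BROWSER_IMAGES = {"chrome.exe", "msedge.exe", "firefox.exe", "brave.exe", "opera.exe"}


@dataclass
class Event:
    pid: int
    image: str   # full path of the process image
    kind: str    # "registry", "file" or "network"
    target: str  # registry key, file path, or "host:port"


def parse_event(line: str) -> Event:
    """Parse one constructed 'k=v|k=v' telemetry line (invented format, not a real log)."""
    fields = dict(kv.split("=", 1) for kv in line.split("|"))
    return Event(int(fields["pid"]), fields["image"], fields["kind"], fields["target"])


def score_process(events) -> dict:
    """Map each pid to the set of report behaviours observed for it."""
    hits = {}
    for e in events:
        found = hits.setdefault(e.pid, set())
        if e.kind == "registry" and UNINSTALL_KEY_RE.search(e.target):
            found.add("checks_installed_software")
        elif (e.kind == "file" and BROWSER_ARTEFACT_RE.search(e.target)
              and ntpath.basename(e.image).lower() not in BROWSER_IMAGES):
            found.add("reads_browser_data")
        elif e.kind == "network" and e.target.lower() == f"{C2_HOST}:{C2_PORT}":
            found.add("redline_c2")
    return hits


def verdict(hits: dict) -> dict:
    """Flag a pid on C2 contact alone, or on both host-side stealer behaviours together.

    Either behaviour on its own is common in legitimate software (installers walk the
    Uninstall key; backup tools read profile folders), so a single hit is not enough.
    """
    stealer_pair = {"checks_installed_software", "reads_browser_data"}
    return {pid: "redline_c2" in b or stealer_pair <= b for pid, b in hits.items()}


def analyze(lines) -> dict:
    """Parse, score and return {pid: flagged} for a batch of telemetry lines."""
    return verdict(score_process(parse_event(l) for l in lines))


# Constructed telemetry: one infected process plus two benign look-alikes.
SAMPLE_TELEMETRY = [
    r"pid=4120|image=C:\Users\victim\AppData\Local\Temp\setup.exe|kind=registry|target=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip",
    r"pid=4120|image=C:\Users\victim\AppData\Local\Temp\setup.exe|kind=file|target=C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data",
    r"pid=4120|image=C:\Users\victim\AppData\Local\Temp\setup.exe|kind=network|target=koreamonitoring.com:80",
    # explorer.exe (Settings > Apps) legitimately enumerates the Uninstall key
    r"pid=3380|image=C:\Windows\explorer.exe|kind=registry|target=HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++",
    # Chrome reading its own credential store
    r"pid=2212|image=C:\Program Files\Google\Chrome\Application\chrome.exe|kind=file|target=C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data",
]

if __name__ == "__main__":
    for pid, flagged in analyze(SAMPLE_TELEMETRY).items():
        print(pid, "REDLINE" if flagged else "ok")
```

Run against the constructed lines, only pid 4120 is flagged; explorer.exe and chrome.exe each trip one behaviour and stay below the threshold. In a real deployment the C2 match should also cover the resolved IP and any TLS SNI, since the report only records the hostname and port.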
