General

  • Target: Analysis of cochang private key leak event on March 21, 2023.pdf.zip
  • Size: 28.7MB
  • Sample: 230326-g9hh9sfg25
  • MD5: 14590ed407ac3137dfebf6e577738b6f
  • SHA1: 4c57d1fdf4b14bfbfaee2adefe1a186bb48b7fcd
  • SHA256: 8849188015f3e48dff6985bd0b823fb744da1e65e7ac93fed19e370e3af419d3
  • SHA512: 0179b1852e1c0062c906613c0eedb681d345c468d12754efda7b0970ad9441caf5a483f05a48ed3e2f811154491678496936a6304b95f85375c8e057c8ecfe8b
  • SSDEEP: 393216:PdRMyQ5nDRugTM6ZWK4GV+Pws5TttG9/yaxC67GHh6FKLNhvNzkRZO9DXwhT+GbK:PYp1nM6WO+1TOxeMFkNJN40DAhKGbEfH

Malware Config

Extracted

  • Family: redline
  • Botnet: 1-2potok
  • C2: 212.113.116.143:29996

Attributes

  • auth_value: b5701ee96cdcd1581bc7b0c10049e64b

Targets

    • Target: Analysis of cochang private key leak event on March 21, 2023.pdf.scr
    • Size: 29.3MB
    • MD5: 0995c7e65e37b776d64b283ca1f21489
    • SHA1: c5f056d287d852a4c88029f3dd863b27e2a7ec77
    • SHA256: adfc6d2b25d8aba59c5b358a1ec69a0d9e79d7636999f6232454397435f035a3
    • SHA512: e05ff36f2d5db1a3bbf6583554ddcad5980ac74782e4b2082a5442f9a8b54b54022848d218d0fa96083176aef6cc2671a0c99a34a717d37073d0ed2c3d79f627
    • SSDEEP: 786432:SjMR4qHLpizyVp/1q1rINsjsq3gazg7ag:0BqHBV1q1rImjsQxPg

    • RedLine
      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials, among other things.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks