General

  • Target

    91f46b746769a986deed4a9b2bea4115b2e026097cd9e06a98fb83f696b01397

  • Size

    381KB

  • Sample

    230326-m1xjqagc44

  • MD5

    0331b3f97d5720cf86835be9a99d2438

  • SHA1

    4c2b5d47525b11f802c14bb8588549dd95de948e

  • SHA256

    91f46b746769a986deed4a9b2bea4115b2e026097cd9e06a98fb83f696b01397

  • SHA512

    3779edd58760eb040e191a96fd030d5aec4d0b4f83ccd0b5302bd2482e8afac95ebabdf4d8363b39db8bc937ea5ae283056afcb003538877e8a6c9bb145e9fef

  • SSDEEP

    6144:i8lFvCOdK5ezjFwnr7pHq6LwuE2aVvCG0n8y3WImuSb1UO/nNN4T:flFvjdKA/2r7pHqZlJIB8hgSJU0N
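Before pivoting on a report, confirm that the file you hold is actually this sample. The routine below is an added example, not part of the Triage report: it checks a file against every digest listed above rather than MD5 alone, and distinguishes "different file" from the case where only some digests agree. The SSDEEP value is not checked here because fuzzy hashing needs the external ssdeep library.

```python
"""Added example, not part of the Triage report: check a file you hold against
every digest the report lists, so a match is confirmed by all four algorithms
rather than by MD5 alone."""
import hashlib
from typing import Dict

# Digests copied from the report above.
REPORTED = {
    "md5": "0331b3f97d5720cf86835be9a99d2438",
    "sha1": "4c2b5d47525b11f802c14bb8588549dd95de948e",
    "sha256": "91f46b746769a986deed4a9b2bea4115b2e026097cd9e06a98fb83f696b01397",
    "sha512": "3779edd58760eb040e191a96fd030d5aec4d0b4f83ccd0b5302bd2482e8afac95ebabdf4d8363b39db8bc937ea5ae283056afcb003538877e8a6c9bb145e9fef",
}


def compare_digests(data: bytes, reported: Dict[str, str] = REPORTED) -> Dict[str, bool]:
    """Return, per algorithm named in `reported`, whether the file's digest matches.

    Reported values are normalised (whitespace, case) before comparison because
    they are usually pasted from a web page."""
    return {
        name: hashlib.new(name, data).hexdigest() == value.strip().lower()
        for name, value in reported.items()
    }


def verdict(data: bytes, reported: Dict[str, str] = REPORTED) -> str:
    """Summarise the comparison.

    'inconsistent' means some digests match and others do not: either the
    report has a copy/paste error or the file was crafted to collide on the
    weaker algorithm. In both cases the SHA-256 is the value to trust."""
    matches = compare_digests(data, reported)
    if all(matches.values()):
        return "match"
    if not any(matches.values()):
        return "different file"
    return "inconsistent"


def verdict_for_file(path: str) -> str:
    """Convenience wrapper: read a local file and return its verdict."""
    with open(path, "rb") as fh:
        return verdict(fh.read())
```

Call `verdict_for_file("sample.bin")` on the file you downloaded; anything other than "match" means you are not looking at the sample this report describes.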

Malware Config

Extracted

Family

redline

Botnet

@Germany

C2

185.11.61.125:22344

Attributes

  • auth_value

    9d15d78194367a949e54a07d6ce02c62

Targets

    • Target

      91f46b746769a986deed4a9b2bea4115b2e026097cd9e06a98fb83f696b01397

    • Size

      381KB

    • MD5

      0331b3f97d5720cf86835be9a99d2438

    • SHA1

      4c2b5d47525b11f802c14bb8588549dd95de948e

    • SHA256

      91f46b746769a986deed4a9b2bea4115b2e026097cd9e06a98fb83f696b01397

    • SHA512

      3779edd58760eb040e191a96fd030d5aec4d0b4f83ccd0b5302bd2482e8afac95ebabdf4d8363b39db8bc937ea5ae283056afcb003538877e8a6c9bb145e9fef

    • SSDEEP

      6144:i8lFvCOdK5ezjFwnr7pHq6LwuE2aVvCG0n8y3WImuSb1UO/nNN4T:flFvjdKA/2r7pHqZlJIB8hgSJU0N

    • RedLine

      RedLine Stealer is an information-stealing malware family written in C#, first seen in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser profile data (saved logins, cookies and autofill entries). A browser process reading its own profile is expected; an unrelated executable doing so is the signal.

    • Checks installed software on the system

      Enumerates installed software by reading the entries under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall (and the WOW6432Node and HKCU counterparts), the same keys Programs and Features uses. Inventory agents read these keys too, so the behaviour is meaningful here in combination with the credential-store reads above.
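The two behaviours above and the C2 in the extracted config are the hunting material in this report. The script below is an added example, not part of the Triage report or of RedLine itself: it maps generic endpoint telemetry to those behaviours and flags a process on the C2 indicator alone, or on two or more behaviours seen together. The event records are constructed, hypothetical dicts (pid, image, type, path or dst_ip/dst_port) rather than real Sysmon or EDR output; the registry and browser-profile patterns generalise beyond the sample to the WOW6432Node/HKCU variants and to Chromium-based browsers other than Chrome.

```python
"""Added example, not part of the Triage report or of RedLine itself: matching
generic endpoint telemetry against the behaviours and C2 listed in this report.
The event records are constructed, hypothetical dicts (pid, image, type, path or
dst_ip/dst_port), not real Sysmon or EDR output."""
import re
from typing import Dict, List, Optional, Set

# C2 from the extracted config above. The IP alone is treated as the indicator:
# operators rotate ports far more often than hosts.
C2_IP = "185.11.61.125"
C2_PORT = 22344

# Software inventory reads the Uninstall key. 32-bit installs on 64-bit Windows
# live under WOW6432Node and per-user installs under HKCU, so cover all three.
UNINSTALL_KEY_RE = re.compile(
    r"^(HKLM|HKEY_LOCAL_MACHINE|HKCU|HKEY_CURRENT_USER)\\SOFTWARE\\(WOW6432Node\\)?"
    r"Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)",
    re.IGNORECASE,
)

# Credential, cookie and autofill stores of Chromium-based browsers (Chrome, Edge
# and Brave share the "User Data\<profile>" layout) and of Firefox.
BROWSER_PROFILE_RE = re.compile(
    r"\\User Data\\[^\\]+\\(Login Data|Web Data|Cookies|Network\\Cookies)$"
    r"|\\Mozilla\\Firefox\\Profiles\\[^\\]+\\(logins\.json|key4\.db|cookies\.sqlite)$",
    re.IGNORECASE,
)

BROWSER_IMAGES = {"chrome.exe", "msedge.exe", "firefox.exe", "brave.exe"}


def is_browser(image: str) -> bool:
    return image.rsplit("\\", 1)[-1].lower() in BROWSER_IMAGES


def classify(event: dict) -> Optional[str]:
    """Map one telemetry event to a behaviour tag from the report, or None."""
    kind = event["type"]
    if kind == "registry_read" and UNINSTALL_KEY_RE.search(event["path"]):
        return "software_enumeration"
    if kind == "file_read" and BROWSER_PROFILE_RE.search(event["path"]):
        # A browser reading its own profile is normal; any other image is not.
        return None if is_browser(event["image"]) else "browser_profile_read"
    if kind == "net_connect" and event["dst_ip"] == C2_IP:
        return "redline_c2"
    return None


def triage(events: List[dict]) -> Dict[int, Set[str]]:
    """Collect the distinct behaviour tags seen per process."""
    hits: Dict[int, Set[str]] = {}
    for ev in events:
        tag = classify(ev)
        if tag:
            hits.setdefault(ev["pid"], set()).add(tag)
    return hits


def suspicious_pids(events: List[dict]) -> List[int]:
    """Flag a process on the C2 indicator alone, or on two or more behaviours.

    Inventory agents read the Uninstall key and backup tools read profile
    folders; one behaviour in isolation is noise, the combination is not."""
    return sorted(pid for pid, tags in triage(events).items()
                  if "redline_c2" in tags or len(tags) >= 2)


# Constructed sample telemetry. PID 4120 behaves like the report; 2288 is a
# browser touching its own profile; 980 is a software-inventory agent.
STEALER = r"C:\Users\bob\AppData\Local\Temp\setup.exe"
AGENT = r"C:\Program Files\Inventory\agent.exe"
SAMPLE_EVENTS = [
    {"pid": 4120, "image": STEALER, "type": "registry_read",
     "path": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome"},
    {"pid": 4120, "image": STEALER, "type": "registry_read",
     "path": r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"pid": 4120, "image": STEALER, "type": "file_read",
     "path": r"C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"pid": 4120, "image": STEALER, "type": "file_read",
     "path": r"C:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\k3j9x1qd.default-release\logins.json"},
    {"pid": 4120, "image": STEALER, "type": "net_connect", "dst_ip": C2_IP, "dst_port": C2_PORT},
    {"pid": 2288, "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe", "type": "file_read",
     "path": r"C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies"},
    {"pid": 980, "image": AGENT, "type": "registry_read",
     "path": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"pid": 980, "image": AGENT, "type": "net_connect", "dst_ip": "10.0.0.5", "dst_port": 443},
]

if __name__ == "__main__":
    for pid, tags in sorted(triage(SAMPLE_EVENTS).items()):
        print(pid, sorted(tags))
    print("suspicious:", suspicious_pids(SAMPLE_EVENTS))
```

One caveat on the telemetry source: Sysmon records registry key creation, deletion, renames and value writes (Event IDs 12, 13, 14) but not reads, so the Uninstall-key enumeration is only visible if the key carries a SACL and Object Access auditing is enabled (Security Event 4663), or if the EDR in use records registry reads. The browser-profile file reads have the same dependency on file-access auditing.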

MITRE ATT&CK Enterprise v6

Tasks