General

  • Target: ca31b9279372f6f0672745fdb1aa7994e6389ffd6f06463fcf2f309ef7e6a618
  • Size: 347KB
  • Sample: 230327-q41mbsfg7x
  • MD5: ecc1133beb2746e494fc9e026d389915
  • SHA1: 3dc788347916bcca4d8ca1a7f12da71955f43d24
  • SHA256: ca31b9279372f6f0672745fdb1aa7994e6389ffd6f06463fcf2f309ef7e6a618
  • SHA512: f8397faf7a0528829c170ecd67dd043722750b33929bf510ee3b22f0a1adc422b4cedbfa911ac98f8e6816e4cb9bb1c48d01d8614788cde1767865980ad7c5cd
  • SSDEEP: 6144:3P3/aw9TKLfU9oloFQN5IPn8wgRGmm7DQmfiu9fFY+mnoW6:fC8TK75loFQN5iVmmXdKujZm

Malware Config

Extracted

  • Family: redline
  • Botnet: @Germany
  • C2: 185.11.61.125:22344
  • Attributes
    • auth_value: 9d15d78194367a949e54a07d6ce02c62

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6
