General

  • Target

    0x0009000000012735-2289.dat

  • Size

    168KB

  • Sample

    230415-nllpcadh87

  • MD5

    9769c25c4a15b0c8af084316d51ab586

  • SHA1

    d9df15e4232d136ece8bc89354036adfdc3ec069

  • SHA256

    06b517e81040b5c3fc27adb0c5cfbc05b6082a88d3e6087bb2f3f8e941e22913

  • SHA512

    cffddfb5283ccae2615dd131eee23a137d9a79270295caa865d6f1cf8fa6650ed74106d41566b2d29f7dad39450e3a1feb46b9c568c4a71ba3329606fdea65a8

  • SSDEEP

    1536:cx56Ng2WBqlVZRGW8AAr3D09Vbo/ofhRmdicyTGqV8bumsbOwFcEND83wYkr8e8C:cXTLL0C/qV0aXFcENDd8e8h0

Malware Config

Extracted

Family

redline

Botnet

losk

C2

185.161.248.150:4128

Attributes

  • auth_value

    c0a6c391e53d2d9cd27bb17d1d38ada3

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive user information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks