Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    0x0003000000000735-183.dat

  • Size

    168KB

  • Sample

    230506-r2jrgahe86

  • MD5

    757db55f2bfa8548170d057df2329fd0

  • SHA1

    e4233da9b945e7189588a713ead993bab327e39d

  • SHA256

    a49b27d2134a98b207eb7bf113926b3ba4b25c67a601ec2a12d73c4aa0d044fe

  • SHA512

    bf71363bbfef0dfa87b74c6549b1dec904dc41ddf6e6f6f83dde1f7d9213e667a758aec67a120e7341cb422b46d23534e38d3df14fc57be9b811b7532bb5b64a

  • SSDEEP

    1536:XxB0RhlTQqlVZRGWggKbrGawXXkLYppppn/GTGqV0buXtXJKmE7n483wYkd8e8h1:XmtGRWUEppppn7qVMQZKmE7n4r8e8h1

Malware Config

Extracted

Family

redline

Botnet

dariy

C2

217.196.96.101:4132

Attributes
  • auth_value

    2f34aa0d1cb1023a826825b68ebedcc8

Targets

    • Target

      0x0003000000000735-183.dat

    • Size

      168KB

    • MD5

      757db55f2bfa8548170d057df2329fd0

    • SHA1

      e4233da9b945e7189588a713ead993bab327e39d

    • SHA256

      a49b27d2134a98b207eb7bf113926b3ba4b25c67a601ec2a12d73c4aa0d044fe

    • SHA512

      bf71363bbfef0dfa87b74c6549b1dec904dc41ddf6e6f6f83dde1f7d9213e667a758aec67a120e7341cb422b46d23534e38d3df14fc57be9b811b7532bb5b64a

    • SSDEEP

      1536:XxB0RhlTQqlVZRGWggKbrGawXXkLYppppn/GTGqV0buXtXJKmE7n483wYkd8e8h1:XmtGRWUEppppn7qVMQZKmE7n4r8e8h1

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks