General

  • Target

    0x0003000000000735-183.dat

  • Size

    168KB

  • Sample

    230506-r2jrgahe86

  • MD5

    757db55f2bfa8548170d057df2329fd0

  • SHA1

    e4233da9b945e7189588a713ead993bab327e39d

  • SHA256

    a49b27d2134a98b207eb7bf113926b3ba4b25c67a601ec2a12d73c4aa0d044fe

  • SHA512

    bf71363bbfef0dfa87b74c6549b1dec904dc41ddf6e6f6f83dde1f7d9213e667a758aec67a120e7341cb422b46d23534e38d3df14fc57be9b811b7532bb5b64a

  • SSDEEP

    1536:XxB0RhlTQqlVZRGWggKbrGawXXkLYppppn/GTGqV0buXtXJKmE7n483wYkd8e8h1:XmtGRWUEppppn7qVMQZKmE7n4r8e8h1

Malware Config

Extracted

Family

redline

Botnet

dariy

C2

217.196.96.101:4132

Attributes
  • auth_value

    2f34aa0d1cb1023a826825b68ebedcc8

Targets

    • Target

      0x0003000000000735-183.dat

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers read browser profile stores to collect saved credentials, cookies and autofill data.

    • Accesses cryptocurrency wallet files (possible credential harvesting)

    • Checks installed software on the system

      Enumerates the registry Uninstall keys (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and the Wow6432Node equivalent) to list the software installed on the host.
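The extracted configuration (C2 217.196.96.101:4132, sample SHA256) and the behaviour signatures above can be turned directly into host and network detection logic. The following is an added example written for this page, not tria.ge code and not the sample's own code: it applies those indicators to a handful of constructed key=value event lines that borrow Sysmon field names (EventID 1 process create with a Hashes field, EventID 3 network connect, TargetObject for registry access, TargetFilename for file access). The event lines, the browser and wallet file paths, and the rule names are assumptions for illustration; the C2 address, port, SHA256 and Uninstall key path come from the report.

```python
"""Match this report's IOCs and behaviour signatures against event lines.

Added example, not part of the tria.ge report. Event lines below are
constructed, not captured from the sample.
"""
import re
from dataclasses import dataclass

# Indicators taken from the report above.
C2_HOST = "217.196.96.101"
C2_PORT = "4132"
SAMPLE_SHA256 = "a49b27d2134a98b207eb7bf113926b3ba4b25c67a601ec2a12d73c4aa0d044fe"

# Registry path behind the "Checks installed software" signature.
UNINSTALL_KEY = r"\Microsoft\Windows\CurrentVersion\Uninstall"

# Browser profile stores infostealers read (assumed illustrative paths).
BROWSER_DATA_MARKERS = (
    r"\Chrome\User Data\Default\Login Data",
    r"\Firefox\Profiles",
)

# Wallet file markers (assumed illustrative paths).
WALLET_MARKERS = (
    r"\Exodus\exodus.wallet",
    r"\Electrum\wallets",
)

# Constructed events: one executes the sample, one beacons to the C2, one is
# benign browsing, one touches the Uninstall key, two read credential stores,
# and one is a benign file write.
SAMPLE_EVENTS = [
    r'EventID=1 Image="C:\Users\victim\AppData\Local\Temp\0x0003000000000735-183.dat" Hashes="SHA256=A49B27D2134A98B207EB7BF113926B3BA4B25C67A601EC2A12D73C4AA0D044FE"',
    r'EventID=3 Image="C:\Users\victim\AppData\Local\Temp\0x0003000000000735-183.dat" DestinationIp=217.196.96.101 DestinationPort=4132',
    r'EventID=3 Image="C:\Program Files\Mozilla Firefox\firefox.exe" DestinationIp=93.184.216.34 DestinationPort=443',
    r'EventID=12 TargetObject="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"',
    r'EventID=11 TargetFilename="C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"',
    r'EventID=11 TargetFilename="C:\Users\victim\AppData\Roaming\Exodus\exodus.wallet\seed.seco"',
    r'EventID=11 TargetFilename="C:\Users\victim\Documents\notes.txt"',
]


@dataclass(frozen=True)
class Hit:
    rule: str
    event_index: int


# key=value pairs; quoted values may contain spaces (no escaped quotes expected).
_KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_event(line: str) -> dict[str, str]:
    """Parse one key=value event line into a dict, stripping surrounding quotes."""
    return {k: v.strip('"') for k, v in _KV.findall(line)}


def match_event(ev: dict[str, str]) -> list[str]:
    """Return the names of the report-derived rules this event matches."""
    rules = []
    eid = ev.get("EventID")
    # Network connect to the extracted C2 endpoint (exact host and port).
    if eid == "3" and ev.get("DestinationIp") == C2_HOST and ev.get("DestinationPort") == C2_PORT:
        rules.append("redline_c2_connection")
    # Process creation whose hash list carries the sample's SHA256.
    if eid == "1" and SAMPLE_SHA256 in ev.get("Hashes", "").lower():
        rules.append("redline_sample_executed")
    # Registry access under the Uninstall key: installed-software enumeration.
    target = ev.get("TargetObject", "")
    if UNINSTALL_KEY.lower() in target.lower():
        rules.append("installed_software_enumeration")
    # File access to browser credential stores or wallet files.
    path = ev.get("TargetFilename", "").lower()
    if any(m.lower() in path for m in BROWSER_DATA_MARKERS):
        rules.append("browser_profile_data_access")
    if any(m.lower() in path for m in WALLET_MARKERS):
        rules.append("crypto_wallet_access")
    return rules


def triage(lines: list[str]) -> list[Hit]:
    """Run every rule over every event line and collect the hits."""
    hits = []
    for i, line in enumerate(lines):
        for rule in match_event(parse_event(line)):
            hits.append(Hit(rule, i))
    return hits


if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS):
        print(f"event {hit.event_index}: {hit.rule}")
```

The C2 rule matches on the exact host:port pair rather than the address alone, so a later sample of the same botnet rotating ports would need the config re-extracted; the Uninstall-key and credential-store rules are deliberately broad and should be scoped to untrusted parent processes before being deployed, since legitimate installers and browsers hit the same paths.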
