Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    0x000600000002313e-188.dat

  • Size

    168KB

  • Sample

    230511-hm3rcscb79

  • MD5

    ed157b317eb07304af11bcc2ba7c444f

  • SHA1

    cb5373125c2494b9d0291221fae4e1677e6e5faa

  • SHA256

    20f8c476655d28ddbe9f0c7ff2fae61a757f36aaffa010d793a11df83e901d88

  • SHA512

    c9281bdd0edebbb654ba65318c9c83ac0b4189a2ee6f70d9e82a98a10b1a1373b4bd5d85aec8e763a991431001be9c8cf93ff27986a96c48483b15ca1d5c8d2a

  • SSDEEP

    3072:8kmfv4r8W2qTvI2t2qVwoMTOIkvl98e8hg:gfvhZ/Rfkvl9

Malware Config

Extracted

Family

redline

Botnet

mixa

C2

185.161.248.75:4132

Attributes
  • auth_value

    9d14534b25ac495ab25b59800acf3bb2

Targets

    • Target

      0x000600000002313e-188.dat

    • Size

      168KB

    • MD5

      ed157b317eb07304af11bcc2ba7c444f

    • SHA1

      cb5373125c2494b9d0291221fae4e1677e6e5faa

    • SHA256

      20f8c476655d28ddbe9f0c7ff2fae61a757f36aaffa010d793a11df83e901d88

    • SHA512

      c9281bdd0edebbb654ba65318c9c83ac0b4189a2ee6f70d9e82a98a10b1a1373b4bd5d85aec8e763a991431001be9c8cf93ff27986a96c48483b15ca1d5c8d2a

    • SSDEEP

      3072:8kmfv4r8W2qTvI2t2qVwoMTOIkvl98e8hg:gfvhZ/Rfkvl9

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks