
General

  • Target: ace09955c7f46dcb78cbbad5ef3d08610c0dfd46612565cb089049f2c546ee31
  • Size: 581KB
  • Sample: 230604-zbr9xsdf86
  • MD5: c91d9e10c95a417ddc2601835ad4a9bd
  • SHA1: 0a8c54caa46fa80d6e8da123c5fc5ed748b8efc3
  • SHA256: ace09955c7f46dcb78cbbad5ef3d08610c0dfd46612565cb089049f2c546ee31
  • SHA512: 07b53cdb0419a820389213a125ea7865f77af4b4955baf32920643f1dd3cacbb99a41efbd874a1769ee8cd830484244e5cee10b17c7b7e7f3951aa6bb2759b0d
  • SSDEEP: 12288:9Mr7y90iScBXC/Dg+jgADJea+4ci7biaH0XFvv5QyJa72Bmjrj:SyJSM0Dg2DJD+M7O8gF35QnSmjH

Malware Config

Extracted

  • Family: redline
  • Botnet: diza
  • C2: 83.97.73.126:19046
  • Attributes
    • auth_value: 0d09b419c8bc967f91c68be4a17e92ee

Targets

    • Target: ace09955c7f46dcb78cbbad5ef3d08610c0dfd46612565cb089049f2c546ee31 (size and hashes as listed under General)

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and other sensitive information.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks
