
General

  • Target: 126a17d3c17bfc00c0b85bec0dd6be322664e5d1eee36289f0d4894d54db0db0
  • Size: 578KB
  • Sample: 230606-14n9eafh53
  • MD5: 0a7e31abb542a4d4a9a2c6533dd4fd97
  • SHA1: 1e8918213184f9ba58066a8fd422f06e975e5c68
  • SHA256: 126a17d3c17bfc00c0b85bec0dd6be322664e5d1eee36289f0d4894d54db0db0
  • SHA512: 5da9404585b3b478e162c7a47e4fd75e3665634a9881a0237179b97797cb009cdc45c307920e58785e5ea3f5451a9d6e01370954671257f894afd2c5303da299
  • SSDEEP: 12288:aMrdy90P7WK78bz45BHTd1KdKvtjxEEOXUQh:7yG4bz45hdSKvtjxEdr

Malware Config

Extracted

  • Family: redline
  • Botnet: diza
  • C2: 83.97.73.126:19048
  • Attributes
    • auth_value: 0d09b419c8bc967f91c68be4a17e92ee

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
