General

  • Target

    5b5060bfcb1f0633fc56ef13f1b224095aaf8d64284b09639ac34d54c9d09f74

  • Size

    585KB

  • Sample

    230606-ssvytaec64

  • MD5

    0415bb6aee1df9f71ecffe14f537c363

  • SHA1

    2d762d61dc1930e12a5e36628fda3a5c960a0e2c

  • SHA256

    5b5060bfcb1f0633fc56ef13f1b224095aaf8d64284b09639ac34d54c9d09f74

  • SHA512

    ddffa01b2414e0b694b45a357fc499685e306ca8e77a2c6c8e4693e17f5ffa406598cd263020cc60cce2b1be805af6547c38bf5a91eaf88066e11d1686a332c0

  • SSDEEP

    12288:KMrWy90ILho/DJV9pYr0Jyp4/uCZz7PZpj1lAiz+g:wyLLh2mcuC/lA4

Malware Config

Extracted

Family

redline

Botnet

diza

C2

83.97.73.126:19048

Attributes
  • auth_value

    0d09b419c8bc967f91c68be4a17e92ee

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks