General

  • Target

    3b3ed329b47e2b7162409b682aa61653.exe

  • Size

    284KB

  • Sample

    230630-scwkeade94

  • MD5

    3b3ed329b47e2b7162409b682aa61653

  • SHA1

    32c21b4e0687c88de0687b86d6215c0bf03c7373

  • SHA256

    47677d1b0a154564df5f5fbf5f16e8c2dd493dc3c927ab44afaf971c0120793d

  • SHA512

    b125268b3f35fe6c01b4babf5786082cf3dd3ffa733d8a92d5d3cd1d89f16a24b0923fa73a357fff4da52703bb2610bddb8acf5f9ae455cbe09ea3df430e216b

  • SSDEEP

    6144:isO3VUfHU6Ps3bsmci25sndkzOYFwKBbvoEo+ciVh+d76u578C1A1EofDdxpHSqp:6QHnQLiVhc6uuEABLdb+jWrtJw7EszfG

Malware Config

Extracted

  • Family

    redline

  • Botnet

    1006

  • C2

    176.123.9.142:14845

  • Attributes

    • auth_value

      b5da80860b093905c2bba6f9377af704

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks