General

  • Target: e287d65d176c4e62988c6a6f948db17c8b5ca17aff063d84bcb364cdae677c7b
  • Size: 404KB
  • Sample: 230718-tfn56sbh96
  • MD5: 5f3a65ae52352269b969d1dda360905d
  • SHA1: a0d32f2340f55daadb2456f90ce33294c656d21b
  • SHA256: e287d65d176c4e62988c6a6f948db17c8b5ca17aff063d84bcb364cdae677c7b
  • SHA512: 1e346ef10c4252a59a9392a72f911e481581a0e1560c13d5ac9e8cba17b6b457bec62795f277db16c590c2e128b2410444df798e8f79ee880d3e88c7dbe8fb19
  • SSDEEP: 6144:hKoLjWE6m2pRBHxkCknGx8+lPLpFaBWob/hsi:93mm2Jx182PxpmP

Malware Config

Extracted

  • Family: redline
  • Botnet: @Germany
  • C2: 194.26.135.162:2920
  • Attributes
      • auth_value: 9d15d78194367a949e54a07d6ce02c62

Targets

    • Target: e287d65d176c4e62988c6a6f948db17c8b5ca17aff063d84bcb364cdae677c7b
    • Size: 404KB
    • MD5: 5f3a65ae52352269b969d1dda360905d
    • SHA1: a0d32f2340f55daadb2456f90ce33294c656d21b
    • SHA256: e287d65d176c4e62988c6a6f948db17c8b5ca17aff063d84bcb364cdae677c7b
    • SHA512: 1e346ef10c4252a59a9392a72f911e481581a0e1560c13d5ac9e8cba17b6b457bec62795f277db16c590c2e128b2410444df798e8f79ee880d3e88c7dbe8fb19
    • SSDEEP: 6144:hKoLjWE6m2pRBHxkCknGx8+lPLpFaBWob/hsi:93mm2Jx182PxpmP

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks