General

  • Target: 3c21a45127e82ed51f86d2e454927076b2ddde7d46bc05a48d315e1a1777f1ac
  • Size: 365KB
  • Sample: 230806-vqx2habc36
  • MD5: a5c5ef3ca956a094a82f545428c27f32
  • SHA1: ad68b74264133ceb3f17f2ad9b83b3f6e220a08b
  • SHA256: 3c21a45127e82ed51f86d2e454927076b2ddde7d46bc05a48d315e1a1777f1ac
  • SHA512: 3de742d88aa07718e893d7c75d87bef458d97d2b890bef838ea4884b90a655f623081ff89e7627df7150d25f3ec960425c6121896a58f83294ef4e87e065877f
  • SSDEEP: 6144:pEGyLlnY/9ifPLjMcPGZuSkp246v345JxhvMnc:pWg9Ogcy3kp2bihvMn

Malware Config

Extracted

  • Family: redline
  • Botnet: LogsDiller Cloud (TG: @logsdillabot)
  • C2: 51.89.201.49:6932
  • Attributes
      • auth_value: 3a050df92d0cf082b2cdaf87863616be

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

MITRE ATT&CK Enterprise v15

Tasks