General

  • Target: file.exe
  • Size: 219KB
  • Sample: 231121-zjptrsge73
  • MD5: fdacf3668801073be898676b316190c5
  • SHA1: 62d2fe2cd2b4db1990e8da3ae498ff56e13625ee
  • SHA256: 6badd733b6b2e44bf8636cc72a53ab643461d5b1bd63982586aa38456d30f36a
  • SHA512: d006a13ca09f7c214deb97612cc40ab586872a6a47ea6a9d89c7ef47f142aa8d6e89f318c04137d418bbb9e324e7090e28d6f7cc166edfebf80384cd296f31bc
  • SSDEEP: 3072:udIBU7bNgcix/GrEA7x2KVSnJ4cRSdc61SawFokcKSQ:udyU7bNgciwrExYSJ4c0G61SXik3

Malware Config

Extracted

  • Family: redline
  • Botnet: sq3
  • C2: 194.169.175.220:30615

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.