Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    40C2A7D6BAF2B837FA891F988971DEEF.exe

  • Size

    181KB

  • Sample

    231123-jspblage56

  • MD5

    40c2a7d6baf2b837fa891f988971deef

  • SHA1

    fdd8aa270e3a888641a17f72e918c6d5859e63c8

  • SHA256

    8ba6d00a29c4a11c7fcbf696066abb1e891aef6ab8bbc1f7ddd128da24a9a8f6

  • SHA512

    3867a5e79dd515e0e69f3801d28a611dfb235f8b5b8401089171c508fc27bd40f14073bed41dbc26ea25ca640f672f2c43b25c2c9866b91b7547061be26d2285

  • SSDEEP

    3072:WPBlahblH+Brnc65Ekc2IIPM134sv5fn6aMRYHNhnJJPlRUq:aL6H+h5PpIIioE6CN5nlRX

Malware Config

Extracted

Family

redline

Botnet

git

C2

129.153.80.87:8855

Attributes
  • auth_value

    2eed1f062323c11b744a0508cf87aabe

Targets

    • Target

      40C2A7D6BAF2B837FA891F988971DEEF.exe

    • Size

      181KB

    • MD5

      40c2a7d6baf2b837fa891f988971deef

    • SHA1

      fdd8aa270e3a888641a17f72e918c6d5859e63c8

    • SHA256

      8ba6d00a29c4a11c7fcbf696066abb1e891aef6ab8bbc1f7ddd128da24a9a8f6

    • SHA512

      3867a5e79dd515e0e69f3801d28a611dfb235f8b5b8401089171c508fc27bd40f14073bed41dbc26ea25ca640f672f2c43b25c2c9866b91b7547061be26d2285

    • SSDEEP

      3072:WPBlahblH+Brnc65Ekc2IIPM134sv5fn6aMRYHNhnJJPlRUq:aL6H+h5PpIIioE6CN5nlRX

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks