Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    b882d2fa75dd429d2366009bbe68c3bf3910cc54bce8a1b6e3ec56f8cae11775.exe

  • Size

    1.4MB

  • Sample

    231127-t548pahh63

  • MD5

    45cee4ec3643349ffdf7395f7b4a5b3f

  • SHA1

    26774d3f71bb03f94588b04e9bd8926fc87c6653

  • SHA256

    b882d2fa75dd429d2366009bbe68c3bf3910cc54bce8a1b6e3ec56f8cae11775

  • SHA512

    eac80cdb3cb0371bd429e7a672257d7015ff7ab70f4d6c56ac4ba8abbe3d6e931441389b031220f8c7fcb2decdf8042f76969442c2e7f2d5d2e5f68e8124a08b

  • SSDEEP

    24576:n5hGigbZWG8Srp651ZFL3XVTLcx9+WrCkF2gNCs46sL3f:n0SYP+cRF2gNlsD

Malware Config

Targets

    • Target

      b882d2fa75dd429d2366009bbe68c3bf3910cc54bce8a1b6e3ec56f8cae11775.exe

    • Size

      1.4MB

    • MD5

      45cee4ec3643349ffdf7395f7b4a5b3f

    • SHA1

      26774d3f71bb03f94588b04e9bd8926fc87c6653

    • SHA256

      b882d2fa75dd429d2366009bbe68c3bf3910cc54bce8a1b6e3ec56f8cae11775

    • SHA512

      eac80cdb3cb0371bd429e7a672257d7015ff7ab70f4d6c56ac4ba8abbe3d6e931441389b031220f8c7fcb2decdf8042f76969442c2e7f2d5d2e5f68e8124a08b

    • SSDEEP

      24576:n5hGigbZWG8Srp651ZFL3XVTLcx9+WrCkF2gNCs46sL3f:n0SYP+cRF2gNlsD

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks