General

  • Target

    StreamList.exe

  • Size

    733KB

  • Sample

    240125-ger48ahhgq

  • MD5

    16b814f5d97faeb7f388fa00626a6f5d

  • SHA1

    f1ddab5c0553bcad26056d64e3037e7c5bc7391c

  • SHA256

    c4dd5514c42110629dee90c23c5ec4186da39140dc23a952a57085687d6c6a71

  • SHA512

    f811e92f263db7dba10b107d693e0c64afda509b8c9573f826b2931475dea91675e735bc4f60837b932782fedc2dabad5f31fe6533fec8c3dca24b1ec29504b3

  • SSDEEP

    12288:Rh18k70TnvjcUxhzQKo6VxgCgxa5yT2owiJh2:uk70TrcUJfVxScyT2oweh

Malware Config

Extracted

  • Family

    redline

  • Botnet

    @asasasassasassassas

  • C2

    45.15.156.167:80

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • .NET Reactor protector

      Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks