
General

  • Target

    df15a783d2a45663daffc435c6aef0e6dc03ad3bbcb40f0eb1bbdece7c85667e

  • Size

    142KB

  • Sample

    240417-rge8jscf6s

  • MD5

    31306dbf39262d94adb55e723838792f

  • SHA1

    9e93dfc99a15da4ebc5aa5bac2c15e2d14b95d84

  • SHA256

    df15a783d2a45663daffc435c6aef0e6dc03ad3bbcb40f0eb1bbdece7c85667e

  • SHA512

    985b94cda0bdfafe50afed06f4479548bee45bc7e80f510034197d5b1785445a881835f8e978ec10ffb30a076906feddb949032f552eb6dce08e8de8314c1fe5

  • SSDEEP

    3072:3OJ+2FXl16Ab2iXTz3vdEvuWvEWsn+Ry6TDjnnQgRR0zzHImleNXdGVD6oYLu:+J+2Jl4LiX33VEmWv1DJ/p0zzvwzG0Xy

Malware Config

Extracted

  • Family

    redline

  • Botnet

    23/02

  • C2

    65.108.20.226:37715

Targets

    • Target

      8a4620c027661d01fe46cc055f621000b7e6bb681c159e58cc0d59c681e06433.exe

    • Size

      508KB

    • MD5

      53706e505c74b5bbcfb4165ee39b563b

    • SHA1

      9dc6a144f057d456aeeb7c32f274e440c24d8723

    • SHA256

      8a4620c027661d01fe46cc055f621000b7e6bb681c159e58cc0d59c681e06433

    • SHA512

      48a7c29d4387a6bf46327564b6f31f8c9f56f497698e7a0aa7a0cb85db2142271d40005dcfac69a914c3628f320af3087f3d9a328c521136b8f565239175584a

    • SSDEEP

      12288:rfjrKrGQ79tHMSv/giv/MOoEtzXtOGf4CXYyV:URbx

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

MITRE ATT&CK Enterprise v15

Tasks