General

  • Target: 0d2ad7f78d6bdf3b3156d33994d4d3dda98010d99b7ad0a8be0f10328715b538
  • Size: 304KB
  • Sample: 240424-mm9xwsgh69
  • MD5: 41a5b2dc66d77b7699a4a91f4e119f15
  • SHA1: 9ae487edcc7a581df4f91950b1c218287860ed8a
  • SHA256: 0d2ad7f78d6bdf3b3156d33994d4d3dda98010d99b7ad0a8be0f10328715b538
  • SHA512: 06be92c8a2197ead057858125fb95a11a21e2dd6f3dc8044eaafffc04f2bdf2106b84c829955c50787e2f407a62248ac4ebb3128b4e93559c67d1c76da822761
  • SSDEEP: 6144:/qY6irwP7YfmrYiJv7TAPAzdcZqf7DI/L:/nwPkiJvGAzdcUzs/

Malware Config

Extracted

Family: redline
Botnet: spoo
C2: 103.113.70.99:2630

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

MITRE ATT&CK Enterprise v15

Tasks