General

  • Target

    cb7f2dbecd68994f85137528ce2fc68f43f491c99ea7c231247b76e8b0e7b0ba

  • Size

    462KB

  • Sample

    240508-3w9w9aha45

  • MD5

    b1910535419200a891f5c2a827d7b4e0

  • SHA1

    7c6b9a90802e3b5897c2fc6a70ebdb6de93548c6

  • SHA256

    cb7f2dbecd68994f85137528ce2fc68f43f491c99ea7c231247b76e8b0e7b0ba

  • SHA512

    0ec4ff629358bdf79ee029ffc21b0093fa07f09c8a43f5d45dc0aeb4a960f87c3fc731b155a6032f2d2b7a1890fa7632f30fcede40e9d79a8f35e33442dca1b5

  • SSDEEP

    12288:S3/SNRR4lpxJLeURhAYmVYujbsqboi3VfygKU:S63Glp7Lj3Bujbsq1+

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

C2

5.42.65.77:6541
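
An IOC sweep built from the indicators in this report, as an added example (not tria.ge's code): it recomputes the digest set so a local file can be confirmed as this sample, and flags connections to the extracted C2 in a Zeek-style conn.log. The SHA256 and the endpoint 5.42.65.77:6541 are taken from the report; the conn.log records and the file bytes are constructed so the script runs offline.

```python
"""IOC sweep for the RedLine report above.

Added example, not code from tria.ge. The sample hash and C2 endpoint are
copied from the report; the conn.log lines and file bytes are constructed
here so that the script runs offline.
"""
import hashlib
import ipaddress
from typing import Dict, Iterable, List, Optional

# Indicators copied from the hash list and extracted config above.
SAMPLE_SHA256 = "cb7f2dbecd68994f85137528ce2fc68f43f491c99ea7c231247b76e8b0e7b0ba"
C2_HOST = "5.42.65.77"
C2_PORT = 6541


def hash_file_bytes(data: bytes) -> Dict[str, str]:
    """Compute the digests the report lists (MD5, SHA1, SHA256, SHA512)."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def matches_sample(data: bytes) -> bool:
    """True if data is byte-identical to the sample; compare on SHA256, not MD5."""
    return hash_file_bytes(data)["sha256"] == SAMPLE_SHA256


def parse_conn_line(line: str) -> Optional[Dict[str, object]]:
    """Parse one Zeek-style conn.log TSV record:
    ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto.
    Returns None for header, comment, blank or malformed lines."""
    if not line.strip() or line.startswith("#"):
        return None
    fields = line.rstrip("\n").split("\t")
    if len(fields) < 7:
        return None
    try:
        return {
            "ts": fields[0],
            "uid": fields[1],
            "src": str(ipaddress.ip_address(fields[2])),
            "sport": int(fields[3]),
            "dst": str(ipaddress.ip_address(fields[4])),
            "dport": int(fields[5]),
            "proto": fields[6].lower(),
        }
    except ValueError:
        return None


def find_c2_connections(lines: Iterable[str], require_port: bool = True) -> List[Dict[str, object]]:
    """Return TCP connections to the C2 host. With require_port=True only the
    port from the config (6541) counts; with False any contact with the host
    is flagged, the broader net an incident-response sweep usually starts with."""
    hits = []
    for line in lines:
        rec = parse_conn_line(line)
        if rec is None or rec["proto"] != "tcp" or rec["dst"] != C2_HOST:
            continue
        if require_port and rec["dport"] != C2_PORT:
            continue
        hits.append(rec)
    return hits


# Constructed conn.log excerpt (not real traffic): two beacons to the C2 port,
# one unrelated HTTPS flow, one connection to the C2 host on port 80.
CONSTRUCTED_CONN_LOG = (
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\n"
    "1715200000.123\tCabc1\t10.0.0.15\t49712\t5.42.65.77\t6541\ttcp\n"
    "1715200001.456\tCabc2\t10.0.0.15\t49713\t142.250.74.78\t443\ttcp\n"
    "1715200002.789\tCabc3\t10.0.0.22\t51000\t5.42.65.77\t80\ttcp\n"
    "1715200003.000\tCabc4\t10.0.0.22\t51001\t5.42.65.77\t6541\ttcp\n"
)


if __name__ == "__main__":
    strict = find_c2_connections(CONSTRUCTED_CONN_LOG.splitlines())
    broad = find_c2_connections(CONSTRUCTED_CONN_LOG.splitlines(), require_port=False)
    print("beacons to C2 port 6541:", [r["uid"] for r in strict])
    print("any contact with C2 host:", [r["uid"] for r in broad])
    print("constructed blob is the sample:", matches_sample(b"not the sample"))
```

The strict match is what you would alert on; the host-only match is what you would pivot on during a sweep, since RedLine operators reuse hosts with different ports and the extracted port is only as current as the sample. Matching on SHA256 rather than MD5 avoids treating a collision-prone digest as identity.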

Targets

    • Target

      cb7f2dbecd68994f85137528ce2fc68f43f491c99ea7c231247b76e8b0e7b0ba

    • RedLine

      RedLine Stealer is an information-stealing malware family written in C# that first appeared in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers routinely read stored browser profile data, which can include saved credentials, cookies and autofill entries.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Enumerates installed software by reading the entries under the registry Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall).

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on a thread of another process is typically used to redirect a suspended process to injected code (process hollowing); in a stealer it usually indicates that the payload is being run inside a legitimate host process.

MITRE ATT&CK Enterprise v15

Tasks