General

  • Target

    OwnCheat.rar

  • Size

    170.3MB

  • Sample

    240516-pvgx7ach5x

  • MD5

    66928562566ed8f3aa397bdf3171f569

  • SHA1

    e211a5cd5a76f4e6914591e138fefb7dc2ffd7db

  • SHA256

    329d442b6323544dc639d3b9f39a91780d925f22d8bc221666a6938c32932952

  • SHA512

    53440b29e33be76cdfb87d0eb9e25fe5e647cac67ef6a1337acb0a5302dc645fca17b5fccd98fbf8f234e68417fb783ef4d7da7f8038d455aeb6b096726d9cd6

  • SSDEEP

    3145728:6qo8GT0V6NASq70zLrRASJVNrUBu+h96ols5t5RSTrGRgInX3KyWaRsLMCqEH3s:6l8GS6NAhAfySJV5aICsSTqRNnHKN9LW

Malware Config

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks