General

  • Target

    f7891ca59e0907217db3eeafbe751e2d184317a871450b5ec401217a12df9d33.exe

  • Size

    297KB

  • Sample

    240714-l1bftawbnn

  • MD5

    a20fc3377c07aa683a47397f9f5ff355

  • SHA1

    13160e27dcea48dc9c5393948b7918cb2fcdd759

  • SHA256

    f7891ca59e0907217db3eeafbe751e2d184317a871450b5ec401217a12df9d33

  • SHA512

    dcdba7203efeea40366375fb54123b11bba972552795c64cbe912bef137698d308ea8e370732e5a65cba5687fbe6095bd53e5e1e49e3a6d8cf6912ebb61da254

  • SSDEEP

    3072:zqFFrqwIOG/Zyzca1p8oT4ipvJYThdNS8TZ0fHIAcZqf7D34deqiOLCbBO9:OBIOG6h4Pdg8TZixcZqf7DInL

Malware Config

Extracted

Family

redline

Botnet

1307newbild

C2

185.215.113.67:40960

Targets

    • Target

      f7891ca59e0907217db3eeafbe751e2d184317a871450b5ec401217a12df9d33.exe

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks